0 votes

Hello,

We are currently evaluating Adaxes for our own consulting company and for our customers too.

Our setup includes AD On Prem with Azure AD Connect, which syncs new identities to Azure AD on a schedule.

When we create or update a new account with Adaxes we can rely on Azure AD support but that's kinda partial for what I see.

The best option would be to trigger the Azure AD sync command when we save, to have a more complete scenario.

We followed the related documentation to add a custom action for that purpose, but we end up with a privilege issue.

What is the proper way to have our Adaxes service account allowed to start the sync? This part is not in the documentation we found.

Thanks a lot

by (160 points)
0

Hello,

We followed the related documentation to add a custom action for that purpose

Could you, please, provide all the possible details regarding the workflow you have configured? Please, post here or send us (support@adaxes.com) screenshots.

we end up with a privilege issue.

What exactly do you mean? Do you face any error messages? If so, please, post here or send us screenshots.

0

Hello

Sorry, I forgot to close this topic.

Issue I got was not permission related but context related. We had to import the PowerShell Module before running the delta sync.

This is our final configuration:

Import-Module "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1"
Start-ADSyncSyncCycle -PolicyType Delta

1 Answer

0 votes
by (208k points)

Hello,

Thank you for the confirmation. You can also use the below script where the $dirsyncServer variable specifies the fully qualified domain name of the server that hosts the AAD Connect tool.

$dirsyncServer = "dirsync.domain.com" # TODO: modify me

Invoke-Command -ComputerName $dirsyncServer -ErrorAction Stop -ScriptBlock {
    Import-Module "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1"

    Start-ADSyncSyncCycle -PolicyType Delta
}
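
The remote call from the answer above, extended to check the scheduler state before starting the delta cycle. This is an added example, not part of the original thread and not Adaxes' own script; the wait and polling values are assumptions, and it assumes the account running it can use PowerShell remoting and the ADSync cmdlets on that server.

```powershell
$dirsyncServer  = "dirsync.domain.com" # placeholder FQDN from the answer above; modify
$maxWaitSeconds = 120                  # assumption: how long to wait for a running cycle
$pollSeconds    = 10                   # assumption: polling interval

$result = Invoke-Command -ComputerName $dirsyncServer -ErrorAction Stop `
    -ArgumentList $maxWaitSeconds, $pollSeconds -ScriptBlock {
    param($maxWaitSeconds, $pollSeconds)

    Import-Module "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1" -ErrorAction Stop

    $scheduler = Get-ADSyncScheduler

    # A server in staging mode imports and synchronizes but does not export,
    # so a delta cycle there would not push the change to Azure AD.
    if ($scheduler.StagingModeEnabled) {
        throw "AAD Connect on $env:COMPUTERNAME is in staging mode; no export will occur."
    }

    # Start-ADSyncSyncCycle returns an error while another cycle is running,
    # so wait for the current one to finish, up to the configured limit.
    $waited = 0
    while ($scheduler.SyncCycleInProgress -and $waited -lt $maxWaitSeconds) {
        Start-Sleep -Seconds $pollSeconds
        $waited += $pollSeconds
        $scheduler = Get-ADSyncScheduler
    }
    if ($scheduler.SyncCycleInProgress) {
        throw "A sync cycle was still running after $maxWaitSeconds seconds; delta sync not started."
    }

    Start-ADSyncSyncCycle -PolicyType Delta
}

# Report the outcome returned by the remote cmdlet.
Write-Output "Delta sync on ${dirsyncServer}: $($result.Result)"
```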
