Tuesday, June 14, 2022

Update Active Directory Changes to Azure Manually using PowerShell

Using PowerShell to sync changes to Azure from local Active Directory



PowerShell Command to initiate an Azure AD Sync

When you run Active Directory with Azure AD Connect to sync local changes to Azure, you sometimes need to push those changes to Azure manually.

This can be done using PowerShell and a simple command that will send changes to Azure. Password changes are fast but other changes in group or user properties can take some time. This will help speed that up. 

Simply open a PowerShell prompt as administrator on the Azure AD Connect server, then run the following command as shown in the screen capture:

     Start-ADSyncSyncCycle -policyType Delta 

Be sure to include the Delta portion of the command. Do not use Initial. Using the Initial option could potentially cause issues.


This will sync all recent changes from your local AD to Azure immediately. If you're not having any local AD replication issues, you will see the updates in Azure almost immediately.
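Here is the same delta sync with a couple of checks around it, as an added example that is not part of the original post. It assumes the ADSync module that Azure AD Connect installs on the sync server, and the 10-second polling interval is an arbitrary choice.

```powershell
# Added example: guard checks around the delta sync from the post.
# Run in an elevated PowerShell session on the Azure AD Connect server.
Import-Module ADSync

$scheduler = Get-ADSyncScheduler

# In staging mode the server imports and synchronizes but does not export,
# so a manual cycle here will not push changes to Azure.
if ($scheduler.StagingModeEnabled) {
    Write-Warning 'This server is in staging mode; changes will not be exported to Azure.'
}

# A new cycle cannot start while another one is running, so wait for it first.
while ((Get-ADSyncScheduler).SyncCycleInProgress) {
    Write-Host 'A sync cycle is already running, waiting...'
    Start-Sleep -Seconds 10
}

# Delta only, as the post advises (not Initial).
Start-ADSyncSyncCycle -PolicyType Delta

# Give the scheduler a moment to pick the request up, then wait for completion.
Start-Sleep -Seconds 5
while ((Get-ADSyncScheduler).SyncCycleInProgress) {
    Start-Sleep -Seconds 10
}
Write-Host 'Delta sync cycle finished.'
```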

Speed up replication between local domain controllers 

To speed up replication between all domain controllers, run this command at an elevated command prompt:

     repadmin /syncall /APeD






Monday, May 16, 2022

Show Windows user SID easy Command Line

 

 Display Windows Local user SID easy Command Line 


To get the SID of the logged-in user's Active Directory domain account, use the simple whoami command.
The whoami command, when run from a command prompt, displays the currently logged-in user. Though not well known, it is often used by technicians who are remote controlling a desktop to provide remote support and are working out an issue related to user accounts or a user profile.
When working with profile issues, it's often necessary to know the SID of the user. A simple method that works is to open a command prompt and run whoami with the /user option, as shown below:

              c:\>whoami /user   

This displays the results as shown in the image below.



          
               
To get the SID of a local user account on a Windows desktop (not a domain account), use the following command:

             wmic useraccount where name='username' get sid


Use PowerShell to get the SID of a local user (replace USERNAME with the actual username; as written, $env:USERNAME expands to the currently logged-in user).
Open a PowerShell window, then run the following.

              Get-LocalUser -Name $env:USERNAME | Select sid 

  

Get Domain User or Group Name from SID

The following PowerShell command displays the domain group or domain user account for a given SID. It also searches deleted AD objects.

   # -like matches an exact SID and also accepts a wildcard pattern in $SID
   $SID = "S-1-5-21-xxxxxxx-xxxxxxx-xxxxxx-xxxx"
   Get-ADObject -IncludeDeletedObjects -Filter * -Properties * | Where-Object { $_.objectSid -like $SID }
     


The output of this command returned nothing, which lets us know there is no AD account, user or group, with that SID.






Here is one that was in Active Directory. Again, we use the same PowerShell command for users and groups, but the output differs greatly, as you can see. This object was found in Active Directory.

The command can also be run with a wildcard (an asterisk) in the SID to return all the accounts that begin with the same characters, like this:

   $SID = "S-1-5-21-*"
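The lookup above pulls every object and every property from the directory before filtering on the client. The added example below (not from the original post) resolves a single SID by validating it first, asking Windows to translate it, and only then searching AD, deleted objects included, with a server-side filter. Resolve-SidToAccount is a hypothetical helper name, and the AD step assumes the ActiveDirectory module (RSAT) and a reachable domain controller.

```powershell
# Added example. Resolve-SidToAccount is a hypothetical helper name.
# The AD lookup needs the ActiveDirectory module (RSAT) and a reachable DC.
function Resolve-SidToAccount {
    param([Parameter(Mandatory)][string]$Sid)

    # Parse first: a malformed string is rejected here and never reaches the filter.
    try   { $sidObj = [System.Security.Principal.SecurityIdentifier]::new($Sid) }
    catch { throw "Not a valid SID: $Sid" }

    # 1. Let Windows translate it (local, well-known and live domain accounts).
    try {
        $account = $sidObj.Translate([System.Security.Principal.NTAccount])
        return [pscustomobject]@{
            Sid = $sidObj.Value; Name = $account.Value
            Class = $null; Deleted = $false; Source = 'Translate'
        }
    } catch {
        # Not mapped (or no DC answered); fall through to the directory search.
    }

    # 2. Search AD, including deleted objects, with a server-side filter.
    $found = Get-ADObject -IncludeDeletedObjects `
        -Filter "objectSid -eq '$($sidObj.Value)'" `
        -Properties sAMAccountName, objectClass, isDeleted

    foreach ($obj in $found) {
        [pscustomobject]@{
            Sid = $sidObj.Value; Name = $obj.sAMAccountName
            Class = $obj.objectClass; Deleted = [bool]$obj.isDeleted
            Source = 'Get-ADObject'
        }
    }
}

# Sample call with a well-known SID (BUILTIN\Administrators);
# substitute the SID you are investigating.
Resolve-SidToAccount -Sid 'S-1-5-32-544'
```

If the function returns nothing, neither Windows nor the directory (live or deleted objects) knows the SID.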
 





  







Thursday, April 28, 2022

Adding TXT (TEXT) DNS Record Using Godaddy DNS Manager


Just about all cloud services, and other services such as acquiring SSL certificates or domain verification for certificates, require proving you have control of the domain. For example, just obtaining Microsoft Exchange Online access requires verifying the domain. Digicert is another that offers TXT DNS record verification as one of its methods to prove domain ownership and control. This works great and only requires creating a harmless TXT record to verify.

In this case, what needed to be done was to create a TXT record for domain validation by Digicert. It could have been any certificate authority.

Log in to Godaddy

Go to domain / domain settings / management and click Add 

    


         
Then either enter @ for the domain by itself, or enter the host name (also called the subdomain in DNS-land).
In this case it was a verification text for sslvpn. In the value field, enter the text code provided by the service provider, such as Microsoft Azure or, in this case, Digicert, for validation of the domain. And don't worry about making a mistake, because nothing can break if you do it wrong the first time. Update the TTL to 1 hour unless a different TTL was requested by the service provider for this record. I find 1 hour works well.



 
Then click Save.
 
I've noticed these additions take only minutes to propagate, unlike a few years back when you could be waiting longer. That's it. Return to the provider's page, where they'll have a "check" button to see if the record exists. If it doesn't find it on the first try, wait a few minutes and try again.
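Before pressing the provider's "check" button, you can confirm the record yourself. The following is an added example, not part of the original post: it asks two public resolvers for the TXT record and retries once a minute until both return the expected value. Test-TxtRecord is a hypothetical helper, and the record name, token and resolver list are constructed placeholders.

```powershell
# Added example. Test-TxtRecord is a hypothetical helper; the record name,
# token and resolver list below are constructed placeholders.
function Test-TxtRecord {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$ExpectedValue,
        [string[]]$Resolvers = @('8.8.8.8', '1.1.1.1')
    )
    foreach ($server in $Resolvers) {
        $answers = Resolve-DnsName -Name $Name -Type TXT -Server $server `
            -DnsOnly -ErrorAction SilentlyContinue
        # A long TXT value comes back as several strings; join them before comparing.
        $values = @($answers | Where-Object { $_.Type -eq 'TXT' } |
            ForEach-Object { $_.Strings -join '' })
        [pscustomobject]@{
            Resolver = $server
            Found    = ($values -contains $ExpectedValue)
            Values   = $values
        }
    }
}

$name  = 'sslvpn.example.com'             # placeholder host name
$token = 'PLACEHOLDER-validation-token'   # placeholder for the provider's text code

# Retry once a minute, up to ten times, until every resolver returns the token.
for ($attempt = 1; $attempt -le 10; $attempt++) {
    $results = @(Test-TxtRecord -Name $name -ExpectedValue $token)
    $results | Format-Table Resolver, Found
    if (-not ($results.Found -contains $false)) { break }
    Start-Sleep -Seconds 60
}
```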




IT technical support has so many sides. There are issues such as renewing SSL certificates or validating domains. There are cloud services that provide a vast number of services. Then there's the general but most important desktop support. All these cloud services and validating of domains and acquiring SSL certificates wouldn't be needed if there were no users. Let's face it, users of all these services are mostly on desktop and laptop computers.
Although the smartphone market is just as huge, with every person having at least one device, desktop and laptop users are still the base of most things business. Online software for desktop support is still the number one requirement for business or independent technical support specialists and providers. From the largest MSPs, such as the one I am affiliated with, to the smallest one-man shop working from a basement or garage, online support is still the number one best investment. Remote access and control of desktops through the web, to provide remote control screen sharing support, is one of the most required services for providing help and assistance to users internally or over the web. Without computers running, why else would we need so many cloud services?