Thursday, June 26, 2014

Use PowerShell to Create a new Sync Rule in AAD Sync

Programmatic access to the sync engine has been a long time coming, so I’m pretty excited to see this stuff working.  Here’s an example for creating a sync rule using PowerShell.


### Import the AAD Sync module

Import-Module PowerShellConfig


### Create a new sync rule

Initialize-SynchronizationRule -Name foo -Connector 5a7d2cfc-ae5b-417e-8143-3eb5e058b8c5 -Direction Inbound -SourceObjectType user -TargetObjectType person -Precedence 5000 -LinkType Join | New-SynchronizationRule


### Create a new sync rule using splatting

$syncRuleParameters = @{
    Name             = 'foo'
    Connector        = '5a7d2cfc-ae5b-417e-8143-3eb5e058b8c5'
    Direction        = 'Inbound'
    SourceObjectType = 'user'
    TargetObjectType = 'person'
    Precedence       = 5000
    LinkType         = 'Join'
}

Initialize-SynchronizationRule @syncRuleParameters | New-SynchronizationRule


### Get the sync rule

Get-SynchronizationRule | Where Name -eq foo




The results for the last command should output something like this:


Identifier               : 27960beb-5c01-4d07-a23b-27f211cb14fe
Name                     : foo
Version                  : 1
Description              :
ImmutableTag             :
Connector                : 5a7d2cfc-ae5b-417e-8143-3eb5e058b8c5
Direction                : Inbound
SourceObjectType         : user
TargetObjectType         : person
Precedence               : 5000
PrecedenceAfter          : 00000000-0000-0000-0000-000000000000
LinkType                 : Join
JoinFilter               : {}
ScopeFilter              : {}
AttributeFlowMappings    : {}
SoftDeleteExpiryInterval : 00:00:00
SourceNamespaceId        : 5a7d2cfc-ae5b-417e-8143-3eb5e058b8c5
TargetNamespaceId        : cc31d470-9786-447f-8594-40abe13f9f78


Note that AAD Sync lets you create the same rule multiple times: the ‘name’ property does not need to be unique, since each rule gets its own identifier GUID.

Also note that the rule gets created without any join, scope or attribute flows; it is really just the minimum rule so far.
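
Because names are not unique, re-running a creation script quietly leaves several rules called 'foo'. The following is an added example, not code from the original post or from the AAD Sync module, that reports rules sharing a name. `Find-DuplicateSyncRuleName` is a hypothetical helper, and the sample rules are constructed to match the output shape above (the second and third Identifier values and the 'bar' rule are made up).

```powershell
# Added example. Find-DuplicateSyncRuleName is a hypothetical helper, not an AAD Sync cmdlet.
function Find-DuplicateSyncRuleName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object]$Rule
    )
    begin   { $rules = New-Object System.Collections.ArrayList }
    process { [void]$rules.Add($Rule) }
    end {
        # Properties compared to tell exact copies from different rules sharing a name
        $shape = 'Connector', 'Direction', 'SourceObjectType',
                 'TargetObjectType', 'Precedence', 'LinkType'
        $rules | Group-Object -Property Name | Where-Object { $_.Count -gt 1 } | ForEach-Object {
            # One signature string per rule in the group, built from the compared properties
            $signatures = foreach ($r in $_.Group) {
                ($shape | ForEach-Object { [string]$r.$_ }) -join '|'
            }
            New-Object psobject -Property @{
                Name        = $_.Name
                Count       = $_.Count
                Identifiers = @($_.Group | ForEach-Object { $_.Identifier })
                ExactCopies = (@($signatures | Sort-Object -Unique).Count -eq 1)
            }
        }
    }
}

# Constructed sample shaped like the Get-SynchronizationRule output above.
$base = @{
    Name = 'foo'; Connector = '5a7d2cfc-ae5b-417e-8143-3eb5e058b8c5'; Direction = 'Inbound'
    SourceObjectType = 'user'; TargetObjectType = 'person'; Precedence = 5000; LinkType = 'Join'
}
# First Identifier is the one shown in the post; the second is constructed (a second run).
$ids = '27960beb-5c01-4d07-a23b-27f211cb14fe', '00000000-0000-0000-0000-0000000000aa'
$sample = @(foreach ($id in $ids) {
    $h = $base.Clone(); $h.Identifier = $id
    New-Object psobject -Property $h
})
# Constructed: a uniquely named rule that must not be reported.
$h = $base.Clone(); $h.Name = 'bar'; $h.Identifier = '00000000-0000-0000-0000-0000000000bb'
$sample += New-Object psobject -Property $h

$sample | Find-DuplicateSyncRuleName | Format-List

# Against a live server (cmdlet from the post): Get-SynchronizationRule | Find-DuplicateSyncRuleName
```

`ExactCopies` separates a script that was simply run twice from two different rules that happen to share a name, which is the case worth reviewing by hand.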
