Programmatic access to the sync engine has been a long time coming, so I’m pretty excited to see this stuff working. Here’s an example for creating a sync rule using PowerShell.
### Import the AAD Sync module
```powershell
Import-Module PowerShellConfig
```
### Create a new sync rule
```powershell
Initialize-SynchronizationRule -Name foo -Connector 5a7d2cfc-ae5b-417e-8143-3eb5e058b8c5 -Direction Inbound -SourceObjectType user -TargetObjectType person -Precedence 5000 -LinkType Join | New-SynchronizationRule
```
### Create a new sync rule using splatting
```powershell
$syncRuleParameters = @{
    Name             = 'foo'
    Connector        = '5a7d2cfc-ae5b-417e-8143-3eb5e058b8c5'
    Direction        = 'Inbound'
    SourceObjectType = 'user'
    TargetObjectType = 'person'
    Precedence       = 5000
    LinkType         = 'Join'
}
Initialize-SynchronizationRule @syncRuleParameters | New-SynchronizationRule
```
### Get the sync rule
```powershell
Get-SynchronizationRule | Where Name -eq foo
```
The last command should output something like this:
```
Identifier               : 27960beb-5c01-4d07-a23b-27f211cb14fe
Name                     : foo
Version                  : 1
Description              :
ImmutableTag             :
Connector                : 5a7d2cfc-ae5b-417e-8143-3eb5e058b8c5
Direction                : Inbound
SourceObjectType         : user
TargetObjectType         : person
Precedence               : 5000
PrecedenceAfter          : 00000000-0000-0000-0000-000000000000
LinkType                 : Join
JoinFilter               : {}
ScopeFilter              : {}
AttributeFlowMappings    : {}
SoftDeleteExpiryInterval : 00:00:00
SourceNamespaceId        : 5a7d2cfc-ae5b-417e-8143-3eb5e058b8c5
TargetNamespaceId        : cc31d470-9786-447f-8594-40abe13f9f78
```
Note that AAD Sync lets you create the same rule multiple times: the ‘name’ property does not need to be unique, since each rule gets its own identifier GUID.
Also note that the rule is created without any join, scope or attribute flows; so far it is just the minimum rule.
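
Because rule names are not unique, it is worth auditing for rules that share a name before relying on a name-based lookup like the `Where Name -eq foo` filter above. The following is an added example, not code from the original post or from the AAD Sync module: `Find-DuplicateSyncRuleName` is a hypothetical helper, and the sample objects are constructed to mirror the output shown above so the block runs without a sync engine.

```powershell
# Hypothetical helper (not part of the AAD Sync module): report rule names
# that are carried by more than one sync rule.
function Find-DuplicateSyncRuleName {
    [CmdletBinding()]
    param(
        # Rule objects shaped like Get-SynchronizationRule output
        # (only Name, Identifier and Connector are read).
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Rule
    )
    begin   { $all = New-Object System.Collections.ArrayList }
    process { foreach ($r in $Rule) { [void]$all.Add($r) } }
    end {
        $all |
            Group-Object -Property Name |
            Where-Object Count -gt 1 |
            ForEach-Object {
                [pscustomobject]@{
                    Name        = $_.Name
                    Count       = $_.Count
                    Identifiers = @($_.Group | ForEach-Object { $_.Identifier })
                    Connectors  = @($_.Group | ForEach-Object { $_.Connector } | Sort-Object -Unique)
                }
            }
    }
}

# Constructed sample data: the rule from the post, a second rule with the same
# name (placeholder identifier), and an unrelated rule named 'bar'.
$sampleRules = @(
    [pscustomobject]@{ Name = 'foo'; Identifier = '27960beb-5c01-4d07-a23b-27f211cb14fe'
                       Connector = '5a7d2cfc-ae5b-417e-8143-3eb5e058b8c5' }
    [pscustomobject]@{ Name = 'foo'; Identifier = '00000000-0000-0000-0000-000000000001'
                       Connector = '5a7d2cfc-ae5b-417e-8143-3eb5e058b8c5' }
    [pscustomobject]@{ Name = 'bar'; Identifier = '00000000-0000-0000-0000-000000000002'
                       Connector = '5a7d2cfc-ae5b-417e-8143-3eb5e058b8c5' }
)

# Only 'foo' is reported, with both identifiers listed.
$sampleRules | Find-DuplicateSyncRuleName | Format-List

# Against a live sync engine, after importing the module as shown in the post:
# Get-SynchronizationRule | Find-DuplicateSyncRuleName
```

An empty result means every rule name is unique; any reported name should be resolved by identifier rather than by name.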