Azure AD Connect is responsible for synchronizing directory objects and their attributes between your on-premises environment and the Azure AD directory that supports your tenant.
To guard against this last situation (an unintended large deletion), Microsoft has built a deletion threshold into Azure AD Connect. When the threshold is reached while running an Export operation (writing to a connected directory), Azure AD Connect stops synchronizing to prevent further harm.
Read more here:
<#
.NOTES
#=============================================
# Script : Enable-Disable-ADSyncExportDeletionThreshold.ps1
# Created : ISE 3.0
# Author(s) : casey.dedeal
# Date : 04/06/2020 10:01:08
# Org : ETC Solutions
# File Name : Enable-Disable-ADSyncExportDeletionThreshold.ps1
# Comments : ADSyncExportDeletionThreshold TSA default 1500
# Assumptions : AD Sync is broken due to large data DELETION
#==============================================
SYNOPSIS : Enable-Disable-ADSyncExportDeletionThreshold.ps1
DESCRIPTION : Enable-Disable-ADSyncExportDeletionThreshold.ps1
Acknowledgements : Open license
Limitations : None
Known issues : None
Credits : None
#******************************************************************
MAKE SURE to investigate the LARGE DATA DELETION and confirm it is <intended/legitimate> before using the script below
#******************************************************************
# TSA existing policy on normal run time
DeletionPrevention : EnabledForCount
ThresholdPercentage : 0
ThresholdCount : 1500
# Make sure above default values retain on normal run time
.EXAMPLE
.\Enable-Disable-ADSyncExportDeletionThreshold.ps1
MAP:
-----------
#(1)_.Provide GA credentials
#(2)_.Get existing settings
#(3)_.DISABLE ADSyncExportDeletionThreshold
#(4)_.VERIFY ADSyncExportDeletionThreshold
#(5)_.Run Force Sync
#(6)_.Enable-ADSyncExportDeletionThreshold
#(7)_.VERIFY ADSyncExportDeletionThreshold setting make sure TSA defaults in place
#>
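#(1)_.Provide GA credentials
# Example values only: replace the account name and tenant suffix with the
# administrator account for your own tenant before running.
$adminName = 'Casey.Dedeal'
$tenatUPN  = '@CloudSec365.onmicrosoft.com'
$adminUPN  = $adminName + $tenatUPN
# Pre-fill the credential prompt with the full UPN built above. The original
# passed the bare account name and never used $adminUPN. The password is
# entered interactively at the prompt; it is not written into the script.
$AzureCred = Get-Credential -Credential $adminUPN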
#(2)_.Get existing settings
# Capture the current threshold configuration in $Current_Set and display it
# three ways (selected columns, full list, grid) so the pre-change state is
# visible before any later step touches it.
$Current_Set = Get-ADSyncExportDeletionThreshold -AADCredential $AzureCred
$Current_Set | Select-Object -Property DeletionPrevention, ThresholdPercentage, ThresholdCount
$Current_Set | Format-List
Read-Host -Prompt 'Press <ENTER> to open GridView'
$Current_Set | Out-GridView
#(3)_.DISABLE ADSyncExportDeletionThreshold
# -WhatIf makes this call a dry run: it reports what would happen and leaves
# the deletion threshold in place. Drop -WhatIf only after the pending
# deletions have been reviewed and confirmed as intended.
# Read-Host is a pause, not a confirmation: any input continues, so abort with
# Ctrl+C if the change should not go ahead.
Write-Warning -Message 'Below cmdlet will DISABLE ADSyncExportDeletionThreshold'
Read-Host -Prompt 'Press <ENTER> to continue'
Disable-ADSyncExportDeletionThreshold -AADCredential $AzureCred -WhatIf
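#(4)_.VERIFY ADSyncExportDeletionThreshold
# Re-read the threshold after step 3 and report whether deletion prevention is
# currently on or off. With -WhatIf still present in step 3 this is expected to
# report <TURNED ON>.
Write-Warning -Message 'Below cmdlet will verify changes'
Read-Host -Prompt 'Press <ENTER> to continue'
try {
    # Query once and derive both values from the same object, so the summary
    # and the on/off decision cannot come from two different reads.
    $threshold   = Get-ADSyncExportDeletionThreshold -AADCredential $AzureCred -ErrorAction Stop
    $Current_Set = $threshold | Select-Object -Property DeletionPrevention, ThresholdPercentage, ThresholdCount
    $DelPrev     = $threshold.DeletionPrevention

    if ($DelPrev -like 'Disabled') {
        Write-Host 'Deletion Prevention is <TURNED OFF>' -ForegroundColor Yellow -BackgroundColor DarkRed
    }
    else {
        Write-Host 'Deletion Prevention is <TURNED ON>' -ForegroundColor Green
    }
    $Current_Set | Format-List
}
catch {
    Write-Host $PSItem -ForegroundColor Cyan
    # The original called Write-Log here, which this script does not define and
    # which is not a built-in cmdlet, so the handler itself would have failed.
    Write-Error -Message "ERROR FOUND: $($PSItem.ToString())"
}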
#(5)_.Run Force Sync
# Starts a Delta sync cycle. If -WhatIf has been removed from step 3, this
# cycle runs with the deletion threshold off, so every pending delete is
# exported. Confirm the pending deletions before continuing.
# The parameter dash is a plain ASCII hyphen so the line survives copy/paste
# from a web page.
Write-Warning -Message 'Below cmdlet will kick off FORCE AD SYNC'
Read-Host -Prompt 'Press <ENTER> to continue'
Start-ADSyncSyncCycle -PolicyType Delta -Verbose
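#(6)_.Enable-ADSyncExportDeletionThreshold
# Restore the guard. -DeletionThreshold is passed explicitly with the count
# documented in the header (ThresholdCount : 1500), so the restored value does
# not depend on what is typed at an interactive parameter prompt.
# -WhatIf makes this a dry run, matching step 3. If -WhatIf is removed from
# step 3, remove it here too, or the threshold stays disabled after the script
# ends.
Write-Warning -Message 'Below cmdlet Will Enable-ADSyncExportDeletionThreshold'
Read-Host -Prompt 'Press <ENTER> to continue'
Enable-ADSyncExportDeletionThreshold -DeletionThreshold 1500 -AADCredential $AzureCred -WhatIf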
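#(7)_.VERIFY ADSyncExportDeletionThreshold setting make sure TSA defaults in place
# Final check: confirm deletion prevention is back on and that the count
# matches the default documented in the header (1500). The original looked only
# at the on/off state, so a wrong count would have gone unnoticed.
Write-Warning -Message 'Below cmdlet will verify changes'
Read-Host -Prompt 'Press <ENTER> to continue'
try {
    $finalSet = Get-ADSyncExportDeletionThreshold -AADCredential $AzureCred -ErrorAction Stop
    $DelPrev  = $finalSet.DeletionPrevention

    if ($DelPrev -like 'Disabled') {
        Write-Host 'Deletion Prevention is <TURNED OFF>' -ForegroundColor Yellow -BackgroundColor DarkRed
    }
    else {
        Write-Host 'Deletion Prevention is <TURNED ON>' -ForegroundColor Green
    }

    # Show the same three fields as step 4 so before and after can be compared.
    $finalSet | Select-Object -Property DeletionPrevention, ThresholdPercentage, ThresholdCount | Format-List

    if ($finalSet.ThresholdCount -ne 1500) {
        Write-Warning -Message "ThresholdCount is $($finalSet.ThresholdCount); expected default is 1500"
    }
}
catch {
    # A failed read means the guard's state is unknown; surface it, do not assume it is on.
    Write-Error -Message "ERROR FOUND: $($PSItem.ToString())"
}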
Casey, DeDeal
Azure Solutions Architect
AWS Certified Cloud Practitioner