Identify Objects with DirSyncProvisioningErrors using PowerShell

Connect-MsolService

Find out how to identify objects that have DirSyncProvisioningErrors using PowerShell. Some time ago we added an article on how to Identify Azure AD provisioning errors. In this short post, I will share a simple script for creating a CSV report for such errors.

Azure Active Directory

To get errors we need to first connect to Azure Active Directory using Connect-MsolService and entering credentials for a tenant administrator.

Credentials:

$AzureUsername   = 'xxxxxxxxxxxxxxxxxxxxxxxxx'
$Password        = "xxxxxxxxxxxxxxxxxxx"
$SecureString    = ConvertTo-SecureString -AsPlainText $Password -Force
$SecuredCreds    = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $AzureUsername,$SecureString

Connection and import session:

(Connect-MsolService -Credential $SecuredCreds)
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $SecuredCreds -Authentication Basic -AllowRedirection
(Import-PSSession $Session -DisableNameChecking) 

Now we can execute one of the MSOnline module commands.

DirSyncProvisioningErrors

Once we are connected we can just run Get-MsolDirSyncProvisioningError with the following parameters to get all DirSyncProvisioningErrors :

The Get-MsolDirSyncProvisioningError cmdlet checks for objects with synchronization provisioning errors in a tenant.

Get-MsolDirSyncProvisioningError -All | select DisplayName,ObjectID,ObjectType,ProvisioningErrors

This will return output in console:

DirSyncProvisioningErrors

For more details go to the Microsoft Docs page.

Final script

Below you can find final script that will:

  • Connect to Azure Active Directory using admin credentials ($AzureUsername)
  • Get all the errors using Get-MsolDirSyncProvisioningError
  • For each error create a custom object
  • Export results to CSV file on your desktop
    ###### Params ################################################################################################################
	$AzureUsername   = 'xxxxxxxxxxxxxxxxxxxxxxxxx'
	$Password        = "xxxxxxxxxxxxxxxxxxx"
	$SecureString    = ConvertTo-SecureString -AsPlainText $Password -Force
    $SecuredCreds    = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $AzureUsername,$SecureString
    $OutputCSV       = "$Env:USERPROFILE\desktop\DirSyncProvisioningErrors_$(Get-Date -Format "yyyyMMdd").csv"


    ###### Connecting ############################################################################################################   
    Try{
        [void] (Connect-MsolService -Credential $SecuredCreds)
    
        $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $SecuredCreds -Authentication Basic -AllowRedirection
        [void] (Import-PSSession $Session -DisableNameChecking) 
    }
    Catch{
        $_.Exception.Message
        Read-Host 'Press enter to close the window'
        Remove-PSSession $Session
        Exit
    } 


    ###### Getting errors ########################################################################################################
    If(Get-MsolHasObjectsWithDirSyncProvisioningErrors){
        Try{
            $Errors = Get-MsolDirSyncProvisioningError -All | select DisplayName,ObjectID,ObjectType,ProvisioningErrors
            $Results = Foreach ($i in $Errors){
                $AllErrors = $i.ProvisioningErrors
                $AllErrors | %{
                    $ErrorItem = $_
                    Get-AzureADObjectByObjectId -ObjectIds $i.objectid | Foreach{
  
                        New-Object PSObject -Property ([ordered]@{ 
  
                            'Displayname'        = $i.displayname
                            'ObjectType'         = $i.ObjectType
                            'Attribute'          = $ErrorItem.propertyname
                            'Conflicting value'  = $ErrorItem.propertyvalue
                        })
                    } 
                }
            }
        }
        Catch{
            $_.Exception.Message
            Read-Host 'Press enter to close the window'
            Remove-PSSession $Session
            Exit
        }
    }


    ###### Results ###############################################################################################################
    If($Results){
        $Results | Format-Table -AutoSize
        
        #Exporting CSV
        $Results | Export-CSV $OutputCSV -NoTypeInformation -Force 
    }

    Remove-PSSession $Session

After running this script we should get detailed results like:

DirSyncProvisioningErrors

I hope this was informative for you 🙂 See you in the next articles.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.