Azure AD or Entra ID Connect Configuration Documenter

In today’s post, I’ll explain how to use the Azure AD or Entra ID Connect Configuration Documenter to compare configurations between two Azure AD Connect servers. This tool is valuable for documenting, troubleshooting, and ensuring configuration consistency in environments that use Azure AD Connect for identity synchronization.

The Azure AD Connect Configuration Documenter is a tool designed to generate comprehensive documentation of an Azure AD Connect sync configuration. This is particularly useful for understanding the sync configuration, monitoring changes after updates, and building confidence when making adjustments to the default settings. Key functionalities of the tool include generating documentation, comparing configurations between different servers, and creating PowerShell deployment scripts to migrate sync rule customizations.

Key Features of Azure AD Connect Configuration Documenter

  1. Comprehensive Documentation: Generates documentation of the entire Azure AD Connect sync configuration.
  2. Configuration Comparison: Allows comparisons between two Azure AD Connect sync servers or changes from a defined baseline configuration.
  3. PowerShell Deployment Scripts: Creates scripts for migrating sync rule customizations or configuration changes from one server to another.

Prerequisites

To run the Azure AD Connect Configuration Documenter, ensure the following:

  • .NET Framework 4.5: Required to run the tool.
  • Modern Browser: Such as Microsoft Edge to view the generated report.
  • Understanding of Sync Engine Concepts: Knowledge of MIIS 2003, ILM 2007, FIM 2010, MIM 2016, or AAD Sync is beneficial for interpreting the report.

Download Link

You can download the latest release of the tool from Azure AD Connect Configuration Documenter on GitHub.

How to Use the Tool

Here’s a guide for different scenarios, including documentation generation, comparison between servers for migration, and tracking in-place upgrades.

Generating a Report for the Current Server Configuration

  1. Download and extract the latest release from GitHub.
  2. Run the executable file (AzureADConnectSyncDocumenter.cmd) to ensure the tool opens correctly.
  3. Export Configuration:

Import-Module ADSync

Get-ADSyncServerConfiguration -Path "C:\Temp\AADC-SERVER01"

     Copy the exported configuration folder (e.g., AADC-SERVER01) to the “Data” directory of the tool.
  4. Generate Report: Run the command:

.\AzureADConnectSyncDocumenter.exe "AADC-SERVER01" "AADC-SERVER01"

     The report will be saved in the “Report” folder.

Swing Migration Comparison (Old vs. New Server)

  1. Export Configurations for both old and new Azure AD Connect servers:

Import-Module "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1"

Get-ADSyncServerConfiguration -Path "C:\Temp\AADC-SERVER-OLD"

Get-ADSyncServerConfiguration -Path "C:\Temp\AADC-SERVER-NEW"

  2. Copy Configuration Folders to the Documenter’s “Data” directory.
  3. Run Comparison:

.\AzureADConnectSyncDocumenter.exe "AADC-SERVER-OLD" "AADC-SERVER-NEW"

  4. The comparison report will be available in the “Report” folder.

In-Place Upgrade Comparison (Before and After Upgrade)

  1. Export Server Configurations before and after the upgrade:

Import-Module "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1"

Get-ADSyncServerConfiguration -Path "C:\Temp\AADC-SERVER-BEFORE"

Get-ADSyncServerConfiguration -Path "C:\Temp\AADC-SERVER-AFTER"

  2. Run Comparison:

.\AzureADConnectSyncDocumenter.exe "AADC-SERVER-AFTER" "AADC-SERVER-BEFORE"

DEV to PROD Environment Comparison

  1. Export Configurations for both DEV and PROD environments:

Import-Module "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1"

Get-ADSyncServerConfiguration -Path "C:\Temp\AADC-SERVER-DEV"

Get-ADSyncServerConfiguration -Path "C:\Temp\AADC-SERVER-PROD"

  2. Edit XML Files (if necessary): Ensure connector names match between configurations.
  3. Generate Comparison Report:

.\AzureADConnectSyncDocumenter.exe "AADC-SERVER-DEV" "AADC-SERVER-PROD"

Additional Examples and Tips

  • Configuration Baseline: For monitoring changes after updates, save an initial baseline configuration to compare future exports.
  • Sample Report: Explore a sample report on the tool’s GitHub to better understand the output format.
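
The baseline tip above can be backed by a quick file-level check that shows which exported files differ before you open the full Documenter report. This is an added example, not part of the original post or the Documenter project: Compare-ExportFolder is a hypothetical helper, and the sample folder and file names are constructed. It assumes only that an export is a folder tree of files.

```powershell
# Added example: Compare-ExportFolder is a hypothetical helper, not a Documenter cmdlet.
function Compare-ExportFolder {
    param(
        [Parameter(Mandatory)][string]$BaselinePath,
        [Parameter(Mandatory)][string]$CurrentPath
    )

    # Build a "relative path -> SHA-256" map for every file under an export folder.
    function Get-HashMap([string]$Root) {
        $rootFull = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\', '/')
        $map = @{}
        Get-ChildItem -LiteralPath $rootFull -Recurse -File | ForEach-Object {
            $relative = $_.FullName.Substring($rootFull.Length + 1)
            $map[$relative] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
        return $map
    }

    $baseline = Get-HashMap $BaselinePath
    $current  = Get-HashMap $CurrentPath

    # Walk the union of file names and report only the ones that differ.
    $names = @($baseline.Keys) + @($current.Keys) | Sort-Object -Unique
    foreach ($name in $names) {
        $status = if (-not $current.ContainsKey($name)) { 'Removed' }
        elseif (-not $baseline.ContainsKey($name)) { 'Added' }
        elseif ($baseline[$name] -ne $current[$name]) { 'Changed' }
        else { $null }
        if ($status) { [pscustomobject]@{ Status = $status; File = $name } }
    }
}

# Constructed sample: two tiny stand-in export trees (not the real export schema).
$demo = Join-Path ([IO.Path]::GetTempPath()) 'aadc-baseline-demo'
foreach ($side in 'BEFORE', 'AFTER') {
    New-Item -ItemType Directory -Force -Path (Join-Path $demo "$side\Rules") | Out-Null
}
Set-Content -Path (Join-Path $demo 'BEFORE\Rules\rule1.xml') -Value '<rule precedence="100"/>'
Set-Content -Path (Join-Path $demo 'AFTER\Rules\rule1.xml')  -Value '<rule precedence="50"/>'
Set-Content -Path (Join-Path $demo 'AFTER\Rules\rule2.xml')  -Value '<rule precedence="60"/>'
Compare-ExportFolder -BaselinePath (Join-Path $demo 'BEFORE') -CurrentPath (Join-Path $demo 'AFTER')
```

Against real exports, pass the baseline folder and a later export folder (for example C:\Temp\AADC-SERVER-BEFORE and C:\Temp\AADC-SERVER-AFTER); any row in the output is a reason to run the Documenter comparison and review that part of the report.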

This tool is invaluable for administrators managing Azure AD Connect, providing a clear view of configurations, modifications, and how synchronization processes function across environments.

Junaid Ahmed

Junaid Ahmed is a Cloud Infrastructure and Identity Management expert with 10+ years of experience specializing in Azure Entra ID, ADFS, Hybrid Identity, and Azure Infrastructure Management. He has a proven track record of leading secure identity solutions, deploying high-value security projects, and troubleshooting complex Azure issues for global clients. Junaid excels in enhancing system performance, facilitating seamless collaboration across organizations, and delivering expert guidance on cloud migrations and infrastructure optimization. He seeks to leverage his expertise in a challenging Cloud Solution Architect role to drive success through innovative cloud solutions.
