With a relatively recent Azure AD hybrid directory under our belts, we decided at work not to use the older Azure AD Connect tool and instead use the newer Azure AD Connect Cloud Sync. It’s lighter weight, doesn’t require a SQL database — lots of reasons to love it.
It does appear that, juuuust in time for our deployment, password writeback is supported, in preview.
However, I struggled to follow the official instructions to enable it, as the cmdlet did not seem to be available after importing the DLL.
Import-Module 'C:\\Program Files\\Microsoft Azure AD Connect Provisioning Agent\\Microsoft.CloudSync.Powershell.dll' Set-AADCloudSyncPasswordWritebackConfiguration -Enable $true -Credential $(Get-Credential)
Set-AADCloudSyncPasswordWritebackConfiguration : The term 'Set-AADCloudSyncPasswordWritebackConfiguration' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:1 + Set-AADCloudSyncPasswordWritebackConfiguration + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (Set-AADCloudSyn...ckConfiguration:String) , CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException
A little bit of investigating revealed that the DLL does indeed export the cmdlet, so what is going on?
I tried to run the above in PowerShell 7. It imported the cmdlet, but hit an issue with running it when importing its required libraries.
My workaround is to use PowerShell 7, but import the module with the -UseWindowsPowershell compatibility switch.
Import-Module "C:\Program Files\Microsoft Azure AD Connect Provisioning Agent\Microsoft.CloudSync.Powershell.dll" -UseWindowsPowerShell Set-AADCloudSyncPasswordWritebackConfiguration -Enable $true -Credential $(Get-Credential)
And with that, password writeback is working on Azure AD Cloud Sync!