Running a DirSync from a remote computer

If you wish to force a manual synchronisation from a remote computer, a remote command must be issued to the Dirsync Server.

We have created a script to aid this, but it needs basic modification before it will work in your environment.

Unsigned scripts must be enabled on the remote computer by running the PowerShell command ‘Set-ExecutionPolicy Unrestricted’.

Four variables need to be set inside the script: the server name, the user account used to connect to the DirSync server, the path where the credential file is stored, and the credential file name.

This script will do the following:

  • Check whether the stored credential path exists. If it doesn’t, the script will:
    1. Create the path
    2. Enable PowerShell Remoting
    3. Add the DirSync server to the allowed remote hosts
    4. Restart the WinRM service
  • Check whether the credential file exists. If it doesn’t, prompt for credentials and store them as a secure string in the file specified (this must be done on a per-user basis; the credential file cannot be copied to another user).
  • Use the stored credential to connect to the DirSync server and initiate the command.

The PowerShell script is below:

#Attributes
$DirsyncServer = "dirsync-server.fqdn"  # FQDN of the Dirsync Server
$AdminName = "domain\username"  # User account with permissions to the server
$path = "C:\Dirsync credential\" # The Folder to store the credentials (with the trailing \)
$CredsFile = $path + "Dirsync-PowershellCreds.txt" # The file that will contain the securestring

#Check for Stored Credentials
if (-not (Test-Path $path))
    {
        #First run (needs an elevated prompt): Create the path & enable PSRemoting
        mkdir $path
        Enable-PSRemoting -Force
        # -Concatenate appends to any existing TrustedHosts entries instead of overwriting them;
        # -Force suppresses the confirmation prompt so the script can run unattended
        Set-Item WSMan:\localhost\Client\TrustedHosts -Value $DirsyncServer -Concatenate -Force
        Restart-Service WinRM
    }

if (-not (Test-Path $CredsFile))
    {
        Write-Host 'Credential file not found. Enter your password:' -ForegroundColor Red
        # The secure string is encrypted with Windows DPAPI under the current user account
        Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File $CredsFile
    }
else
    {
        Write-Host 'Using your stored credential file' -ForegroundColor Green
    }

# Build the credential object from the stored secure string
$password = Get-Content $CredsFile | ConvertTo-SecureString
$Cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $AdminName,$password

# Initiate Remote Dirsync Command
Invoke-Command -Credential $Cred -ComputerName $DirsyncServer -ScriptBlock {C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -psconsolefile "C:\Program Files\Windows Azure Active Directory Sync\DirSyncConfigShell.psc1" -command "Start-OnlineCoexistenceSync"}
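
The per-user note above has a practical consequence: a credential file that was copied from another account, or that is damaged, makes ConvertTo-SecureString fail instead of producing a usable credential. The following is an added example, not part of the original script, that handles that case by prompting again and then limits the file's ACL to the current user. The function name Get-DirsyncCredential and the icacls step are assumptions made for illustration, and the credential folder is assumed to exist already.

```powershell
# Added example: hypothetical helper, not part of the original script.
function Get-DirsyncCredential {
    param(
        [Parameter(Mandatory = $true)] [string] $CredsFile,
        [Parameter(Mandatory = $true)] [string] $AdminName
    )

    $password = $null
    if (Test-Path -LiteralPath $CredsFile) {
        try {
            # Throws if the blob was encrypted under another user account or the file is damaged.
            $password = Get-Content -LiteralPath $CredsFile -ErrorAction Stop |
                ConvertTo-SecureString -ErrorAction Stop
        }
        catch {
            Write-Warning "Cannot decrypt $CredsFile as $env:USERNAME on $env:COMPUTERNAME; a new file will be created."
        }
    }

    # Also reached when the file is missing or empty.
    if ($null -eq $password) {
        $password = Read-Host -AsSecureString -Prompt "Password for $AdminName"
        $password | ConvertFrom-SecureString | Set-Content -LiteralPath $CredsFile

        # Remove inherited permissions and grant full control to the current user only,
        # so other local accounts cannot read, replace or delete the file.
        $me = "$($env:USERDOMAIN)\$($env:USERNAME)"
        & icacls.exe $CredsFile /inheritance:r /grant:r "${me}:(F)" | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "icacls could not restrict $CredsFile" }
    }

    New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $AdminName, $password
}

# Usage with the placeholder values from the script above.
$CredsFile = "C:\Dirsync credential\Dirsync-PowershellCreds.txt"
$Cred = Get-DirsyncCredential -CredsFile $CredsFile -AdminName "domain\username"
```

The returned $Cred can be passed to the Invoke-Command line in place of the one built by the if/else block.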