Using Graph API for Entra Connect Sync version check

Sven Lüders

Forgive me for not starting with what a hybrid environment is with regard to Active Directory Domain Services (AD DS) and Entra ID. Let’s break it down to this:

Intro

If you want your objects in sync in both directories, you have two options:

  1. Entra Connect Sync (also known as Azure AD Connect in the good ol’ days)

  2. Entra Cloud Sync

Today’s post is about the Connect Sync service. Long story short: The engine enables synchronization between on-premises Active Directory, Entra ID, and other third-party systems, ensuring consistency across the entire identity ecosystem.

Key components include the Connector, which links to source directories and manages data flow, and the Synchronization Engine, which handles the logic of mapping and transforming identity data between systems. The Agent is a lightweight service installed on the server, responsible for executing synchronization tasks:

Technical Concepts

In case you want to learn more about it, I recommend:

Issue

Back to business - the sync engine has to be updated. Auto Upgrade is eligible in some cases:

OK, great, but this post exists because of a “Breaking Change on Entra Connect Sync”:

The latest version at the moment I am typing here is 2.4.129.0 and you have to have at least 2.4.18 (for commercial clouds) or 2.4.21.0 (for non-commercial clouds).
If you do not upgrade by the deadline of April 7, 2025, the impacts are:

  • All authentication requests to Microsoft Entra ID on the Microsoft Entra Connect wizard will fail.

  • Configuration of Active Directory Federation Services (ADFS) scenarios through Microsoft Entra Connect wizard won't work.

  • Configuration of PingFederate scenarios through the Microsoft Entra Connect wizard won't work.

But the good thing about that: The sync service will continue doing its job! ✅

Using Graph API

In case you want to automate the reporting on the Connect servers where the agent is installed, you should use Graph API. Back in the day I used the MSOL PowerShell module for that, but it is gone now because of its deprecation. Since then I have struggled to find the attributes I was able to fetch back then by running:

Get-MsolCompanyInformation | select DisplayName,InitialDomain,DirSyncClientMachineName,DirSyncClientVersion,DirSyncServiceAccount,DirectorySynchronizationEnabled, DirectorySynchronizationStatus, LastDirSyncTime, LastPasswordSyncTime

The DirSyncClientVersion in particular is the attribute I am looking for. Mapping old cmdlets to new ones can be done via “Find Azure AD and MSOnline cmdlets in Microsoft Graph PowerShell” on Microsoft Learn. But neither Get-MgOrganization nor Get-MgBetaOrganization got me these insights. So I had a look at the native Graph API and found directory/onPremisesSynchronization.

For quick access to Graph API, you should use Graph Explorer or Postman. So I called directory/onPremisesSynchronization to get some insights:

GET https://graph.microsoft.com/v1.0/directory/onPremisesSynchronization

Sadly, I only got some configuration features. I then tried the beta version of the API by calling:

GET https://graph.microsoft.com/beta/directory/onPremisesSynchronization

And there it is: synchronizationClientVersion‼️

While writing this post, I checked the Get-MgBetaDirectoryOnPremiseSynchronization. And here we go:

Nevertheless: I hope that anyone looking for that attribute will find it here 😁
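One way to turn that attribute into a pass/fail check against the minimum version named above. This is an added example, not the author's script; the function name is hypothetical, and it assumes the beta response nests the attribute as value[].configuration.synchronizationClientVersion and that the OnPremDirectorySynchronization.Read.All scope is used for the live call.

```powershell
# Added example: compares the reported client version with the minimum from the post.
# Four-part form of the post's 2.4.18 (commercial clouds); use 2.4.21.0 for non-commercial clouds.
# [version] treats a missing revision as -1, so '2.4.18' would sort below '2.4.18.0'.
$Minimum = [version]'2.4.18.0'

function Test-EntraConnectSyncVersion {   # hypothetical name
    param(
        [Parameter(Mandatory)] $Response,            # parsed Graph response (hashtable or PSObject)
        [Parameter(Mandatory)] [version] $Minimum
    )
    foreach ($item in @($Response.value)) {
        # Assumed location of the attribute in the beta response
        $raw    = $item.configuration.synchronizationClientVersion
        $parsed = $null
        $status = if (-not [version]::TryParse([string]$raw, [ref]$parsed)) {
            'Unknown'            # missing or malformed: report it instead of passing it
        } elseif ($parsed -lt $Minimum) {
            'UpgradeRequired'
        } else {
            'OK'
        }
        [pscustomobject]@{
            ReportedVersion = $raw
            MinimumVersion  = $Minimum
            Status          = $status
        }
    }
}

# Constructed sample responses, trimmed to the one attribute used here (not captured output)
$samples = @(
    '{"value":[{"configuration":{"synchronizationClientVersion":"2.3.20.0"}}]}',
    '{"value":[{"configuration":{"synchronizationClientVersion":"2.4.129.0"}}]}',
    '{"value":[{"configuration":{}}]}'
)
foreach ($json in $samples) {
    Test-EntraConnectSyncVersion -Response ($json | ConvertFrom-Json) -Minimum $Minimum
}

# Live use (Microsoft.Graph.Authentication module, read-only scope):
# Connect-MgGraph -Scopes 'OnPremDirectorySynchronization.Read.All'
# $live = Invoke-MgGraphRequest -Method GET -Uri 'https://graph.microsoft.com/beta/directory/onPremisesSynchronization'
# Test-EntraConnectSyncVersion -Response $live -Minimum $Minimum
```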

Last but not least… Consider moving to Microsoft Entra Cloud Sync. This is where I come back to the beginning, where I mentioned Entra Cloud Sync as the second option. This approach is a SaaS that works from the cloud and allows you to set up and manage your sync preferences online. But before you migrate, please evaluate first, because Cloud Sync does not support all the hybrid scenarios that Connect Sync does: https://aka.ms/EvaluateSyncOptions

Stay in sync 🔄️

…and follow for part two if you want to see how to script your report!
