PowerShell method for retrieving Sync Type of Office 365 Users?

Question

On portal.office.com, the list of Active Users shows a "Sync Type" column which can be "Synced with Active Directory" or "In Cloud". Can this "Sync Type" be retrieved with PowerShell as a property of the Azure AD User (eg with Get-MsolUser).

Also, is it possible to force a user marked as "In Cloud" to be synced up with a local Active Directory user with the same userPrincipalName?

Answer 1

The sync type is a property of the office app and not of AzureAD user. Hence you cannot retrieve it in this manner.

You can sync up a user in AzureAD as long as the username is unique.

Answer 2

The "Sync Type" column might be generated from the LastDirSyncTime property of the attribute. If it's empty, then it has never been synced and can be displayed as "In Cloud". If it's populated, then it has been synced at some point in time.

The actual synchronization of objects is determined by the objectGUID attribute in AD and the immutableID attribute in Azure AD. If these match up, then the objects are synced. Here is an article with more details on how to modify the immutableID attribute if necessary in order to sync an Azure AD entry with its AD counterpart:

http://mstechtalk.com/understand-and-modify-office365-users-immutableid/

Answer 3

To find cloud-only users and groups:

Users:

Get-AzureADUser -all $true | ? {$_.OnPremisesSecurityIdentifier -eq $null}

Groups:

Get-AzureADGroup -all $true | ? {$_.OnPremisesSecurityIdentifier -eq $null -and $_.SecurityEnabled -eq $true }