1
votes

We would like to monitor (check periodically) if Azure Active Directory is in sync with on-prem infrastructure. Azure AD Connect is used to sync the data to Azure.

Based on the documentation (https://docs.microsoft.com/en-us/graph/api/resources/organization?view=graph-rest-1.0), there is a value, "onPremisesSyncEnabled", that is "true if this object is synced from an on-premises directory; false if this object was originally synced from an on-premises directory but is no longer synced; null if this object has never been synced from an on-premises directory (default)."

If I read that correctly, that flag might be used for monitoring (false: currently not in sync, true: currently in sync). However, I don't have any environment to test that it works this way. Has anybody tested whether it works this way?

2
If my answer is helpful for you, you can accept it as the answer (click on the check mark beside the answer to toggle it from greyed out to filled in). This can be beneficial to other community members. Thank you. - Allen Wu

2 Answers

0
votes

Yes. Your understanding is correct.

I have an environment which is in sync with on-premise. When I call GET https://graph.microsoft.com/v1.0/organization, it will return "onPremisesSyncEnabled": true.

For another environment which has never been synced, it shows "onPremisesSyncEnabled": null.
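A periodic check built on the flag discussed above, as an added example that is not part of the original question or answers. It keeps the three states (true, false, null) distinct and also reads `onPremisesLastSyncDateTime`, a property of the same organization resource that the thread does not mention; the function names, the 3-hour staleness threshold and the sample responses are assumptions constructed for illustration, and acquiring the access token is left out.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone

GRAPH_ORG_URL = "https://graph.microsoft.com/v1.0/organization"

def fetch_organization(token):
    """GET the organization resource; `token` is a Graph access token obtained elsewhere."""
    req = urllib.request.Request(GRAPH_ORG_URL,
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def sync_status(org_response, now, max_age=timedelta(hours=3)):
    """Map the tri-state flag plus the last sync time to a monitoring status.

    max_age is an assumed alert threshold, not a value from the thread.
    """
    orgs = org_response.get("value", [])
    if not orgs:
        return "UNKNOWN"                      # no organization object returned
    org = orgs[0]
    enabled = org.get("onPremisesSyncEnabled")
    # Compare with `is`: a plain truthiness test would merge null and false.
    if enabled is None:
        return "NEVER_SYNCED"                 # JSON null
    if enabled is False:
        return "SYNC_DISABLED"                # was synced, no longer is
    last = org.get("onPremisesLastSyncDateTime")
    if not last:
        return "STALE"                        # enabled but no recorded sync
    last_dt = datetime.fromisoformat(last.replace("Z", "+00:00"))
    return "OK" if now - last_dt <= max_age else "STALE"

# Constructed sample responses (not captured from a real tenant).
NOW = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)
SYNCED = {"value": [{"onPremisesSyncEnabled": True,
                     "onPremisesLastSyncDateTime": "2024-05-01T09:40:00Z"}]}
STALE = {"value": [{"onPremisesSyncEnabled": True,
                    "onPremisesLastSyncDateTime": "2024-04-29T09:40:00Z"}]}
DISABLED = {"value": [{"onPremisesSyncEnabled": False,
                       "onPremisesLastSyncDateTime": "2024-03-01T00:00:00Z"}]}
NEVER = {"value": [{"onPremisesSyncEnabled": None}]}

if __name__ == "__main__":
    for name, sample in [("synced", SYNCED), ("stale", STALE),
                         ("disabled", DISABLED), ("never", NEVER)]:
        print(name, sync_status(sample, NOW))
```

The flag alone reports whether synchronization is turned on for the tenant, so the last-sync timestamp is what lets the check alert when sync is enabled but has stopped running.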

0
votes

As far as I know, there are three options:

  1. true -> your user was created on premise and is synchronized
  2. false -> your user was created on cloud and is synchronized
  3. null -> your user was created on cloud and is not synchronized

I hope it helps: https://docs.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0#properties