Forum Discussion

Cloud_Geek_82's avatar
Cloud_Geek_82
Copper Contributor
Nov 07, 2024

Find out a server with Azure AD Connect

Hi All, Normally, if someone need to find on which server Azure AD Connect is installed it can be done in Azure portal under Microsoft Entra Connect - Microsoft Entra Connect Health - Sync Services....
azure
LainRobertson's avatar
LainRobertson
Silver Contributor
Nov 07, 2024

Hi,

 

This is one of those scenarios where you could write a script to execute against every server remotely, but that's more effort than is required. You'd also have to navigate which remote administration protocols are even reliably available across all servers, otherwise, you'd still have gaps to manually fill.

 

Rather than scripting this requirement, you can find out which server is syncing more easily via Azure Portal -> Microsoft Entra ID -> Monitoring -> Sign-in logs, as shown below.

 

 

In my example above, I've filtered on the AAD Connect application, and if you look at the section of "Username" boxed in green, this is the name of the computer on which this particular AAD Connect instance is running.

 

It is possible for there to be multiple usernames and therefore computer names, as AAD Connect can run on more than one host for redundancy purposes (though only one instance of AAD Connect is permitted to run outside of staging mode).

 

Cheers,

Lain

Cloud_Geek_82's avatar
Cloud_Geek_82
Copper Contributor
Nov 07, 2024

Hi LainRobertson 

I think I've done filtering exactly as on your screenshot, but in my case I'm getting users' email addresses as usernames.

 

  • LainRobertson's avatar
    LainRobertson
    Silver Contributor
    Nov 07, 2024

    Hi Cloud_Geek_82 ,

     

    Yes, that's mostly correct. I've just blanked out the remainder of the username in my screenshot above.

     

    When AAD Connect is installed, it creates the synchronisation account with the username in the format of:

     

     

    sync_netBIOSName_randomNumber[@]yourTenant.onmicrosoft.com

     

    (Note, I've used [@] instead of just @ to avoid any addressing issues on the forums.)

     

    Where netBIOSName (the part I boxed in green in my screenshot) is the name of the computer running AAD Connect.

     

    Strictly-speaking, this username is not the mail address, but another attribute that looks the same named userPrincipalName. Most of the time, both mail and userPrincipalName will indeed contain the same values but it's important to note this is not required and that they are two different attributes with very different purposes.

     

    Anyhow, you're already looking at the right thing. You just need to pluck out the computer name and you're done.

     

    Cheers,
    Lain

Resources