Share via

New-MgServicePrincipalSynchronizationJobOnDemand

Module:
Microsoft.Graph.Applications Module

Select a user and provision the account on-demand. The rate limit for this API is 5 requests per 10 seconds.

Note

To view the beta release of this cmdlet, view New-MgBetaServicePrincipalSynchronizationJobOnDemand

Syntax

ProvisionExpanded (Default) 

New-MgServicePrincipalSynchronizationJobOnDemand
    -ServicePrincipalId <string>
    -SynchronizationJobId <string>
    [-ResponseHeadersVariable <string>]
    [-AdditionalProperties <hashtable>]
    [-Parameters <IMicrosoftGraphSynchronizationJobApplicationParameters[]>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Provision 

New-MgServicePrincipalSynchronizationJobOnDemand
    -ServicePrincipalId <string>
    -SynchronizationJobId <string>
    -BodyParameter <IPathsJgtujvServiceprincipalsServiceprincipalIdSynchronizationJobsSynchronizationjobIdMicrosoftGraphProvisionondemandPostRequestbodyContentApplicationJsonSchema>
    [-ResponseHeadersVariable <string>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

ProvisionViaIdentityExpanded 

New-MgServicePrincipalSynchronizationJobOnDemand
    -InputObject <IApplicationsIdentity>
    [-ResponseHeadersVariable <string>]
    [-AdditionalProperties <hashtable>]
    [-Parameters <IMicrosoftGraphSynchronizationJobApplicationParameters[]>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

ProvisionViaIdentity 

New-MgServicePrincipalSynchronizationJobOnDemand
    -InputObject <IApplicationsIdentity>
    -BodyParameter <IPathsJgtujvServiceprincipalsServiceprincipalIdSynchronizationJobsSynchronizationjobIdMicrosoftGraphProvisionondemandPostRequestbodyContentApplicationJsonSchema>
    [-ResponseHeadersVariable <string>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Description

Select a user and provision the account on-demand. The rate limit for this API is 5 requests per 10 seconds.

Permissions

Permission type Permissions (from least to most privileged)
Delegated (work or school account) Synchronization.ReadWrite.All,
Delegated (personal Microsoft account) Not supported
Application Application.ReadWrite.OwnedBy, Synchronization.ReadWrite.All,

Examples

Example 1: Provision users from Microsoft Entra ID to third-party applications


Import-Module Microsoft.Graph.Applications

$params = @{
	parameters = @(
		@{
			subjects = @(
				@{
					objectId = "9bb0f679-a883-4a6f-8260-35b491b8b8c8"
					objectTypeName = "User"
				}
			)
			ruleId = "ea807875-5618-4f0a-9125-0b46a05298ca"
		}
	)
}

New-MgServicePrincipalSynchronizationJobOnDemand -ServicePrincipalId $servicePrincipalId -SynchronizationJobId $synchronizationJobId -BodyParameter $params

This example will provision users from microsoft entra id to third-party applications

Example 2: Sync on-demand from Active Directory to Microsoft Entra ID (Microsoft Entra Cloud Sync)


Import-Module Microsoft.Graph.Applications

$params = @{
	parameters = @(
		@{
			ruleId = "6c409270-f78a-4bc6-af23-7cf3ab6482fe"
			subjects = @(
				@{
					objectId = "CN=AdeleV,CN=Users,DC=corp,DC=chicago,DC=com"
					objectTypeName = "user"
				}
			)
		}
	)
}

New-MgServicePrincipalSynchronizationJobOnDemand -ServicePrincipalId $servicePrincipalId -SynchronizationJobId $synchronizationJobId -BodyParameter $params

This example will sync on-demand from active directory to microsoft entra id (microsoft entra cloud sync)

Example 3: Provision a group and two of its members on demand


Import-Module Microsoft.Graph.Applications

$params = @{
	parameters = @(
		@{
			ruleId = "33f7c90d-bf71-41b1-bda6-aaf0ddbee5d8#V2"
			subjects = @(
				@{
					objectId = "8213fd99-d6b6-417b-8e13-af6334856215"
					objectTypeName = "Group"
					links = @{
						members = @(
							@{
								objectId = "cbc86211-6ada-4803-b73f-8039cf56d8a2"
								objectTypeName = "User"
							}
							@{
								objectId = "2bc86211-6ada-4803-b73f-8039cf56d8a2"
								objectTypeName = "User"
							}
						)
					}
				}
			)
		}
	)
}

New-MgServicePrincipalSynchronizationJobOnDemand -ServicePrincipalId $servicePrincipalId -SynchronizationJobId $synchronizationJobId -BodyParameter $params

This example will provision a group and two of its members on demand

Parameters

-AdditionalProperties

Additional Parameters

Parameter properties

Type:System.Collections.Hashtable
Supports wildcards:False
DontShow:False

Parameter sets

ProvisionViaIdentityExpanded
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
ProvisionExpanded
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-BodyParameter

To construct, see NOTES section for BODYPARAMETER properties and create a hash table.

Parameter properties

Type:Microsoft.Graph.PowerShell.Models.IPathsJgtujvServiceprincipalsServiceprincipalIdSynchronizationJobsSynchronizationjobIdMicrosoftGraphProvisionondemandPostRequestbodyContentApplicationJsonSchema
Supports wildcards:False
DontShow:False

Parameter sets

ProvisionViaIdentity
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False
Provision
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False

-Break

Wait for .NET debugger to attach

Parameter properties

Type:System.Management.Automation.SwitchParameter
Default value:False
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Type:System.Management.Automation.SwitchParameter
Supports wildcards:False
DontShow:False
Aliases:cf

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Headers

Optional headers that will be added to the request.

Parameter properties

Type:System.Collections.IDictionary
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False

-HttpPipelineAppend

SendAsync Pipeline Steps to be appended to the front of the pipeline

Parameter properties

Type:

Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]

Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-HttpPipelinePrepend

SendAsync Pipeline Steps to be prepended to the front of the pipeline

Parameter properties

Type:

Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]

Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-InputObject

Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.

Parameter properties

Type:Microsoft.Graph.PowerShell.Models.IApplicationsIdentity
Supports wildcards:False
DontShow:False

Parameter sets

ProvisionViaIdentityExpanded
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False
ProvisionViaIdentity
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False

-Parameters

To construct, see NOTES section for PARAMETERS properties and create a hash table.

Parameter properties

Type:

Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSynchronizationJobApplicationParameters[]

Supports wildcards:False
DontShow:False

Parameter sets

ProvisionViaIdentityExpanded
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
ProvisionExpanded
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Proxy

The URI for the proxy server to use

Parameter properties

Type:System.Uri
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ProxyCredential

Credentials for a proxy server to use for the remote call

Parameter properties

Type:System.Management.Automation.PSCredential
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ProxyUseDefaultCredentials

Use the default credentials for the proxy

Parameter properties

Type:System.Management.Automation.SwitchParameter
Default value:False
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ResponseHeadersVariable

Optional Response Headers Variable.

Parameter properties

Type:System.String
Supports wildcards:False
DontShow:False
Aliases:RHV

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ServicePrincipalId

The unique identifier of servicePrincipal

Parameter properties

Type:System.String
Supports wildcards:False
DontShow:False

Parameter sets

ProvisionExpanded
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
Provision
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-SynchronizationJobId

The unique identifier of synchronizationJob

Parameter properties

Type:System.String
Supports wildcards:False
DontShow:False

Parameter sets

ProvisionExpanded
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
Provision
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-WhatIf

Runs the command in a mode that only reports what would happen without performing the actions.

Parameter properties

Type:System.Management.Automation.SwitchParameter
Supports wildcards:False
DontShow:False
Aliases:wi

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

Microsoft.Graph.PowerShell.Models.IApplicationsIdentity

{{ Fill in the Description }}

Microsoft.Graph.PowerShell.Models.IPathsJgtujvServiceprincipalsServiceprincipalIdSynchronizationJobsSynchronizationjobIdMicrosoftGraphProvisionondemandPostRequestbodyContentApplicationJsonSchema

{{ Fill in the Description }}

System.Collections.IDictionary

{{ Fill in the Description }}

Outputs

Microsoft.Graph.PowerShell.Models.IMicrosoftGraphStringKeyStringValuePair

{{ Fill in the Description }}

Notes

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

BODYPARAMETER <IPathsJgtujvServiceprincipalsServiceprincipalIdSynchronizationJobsSynchronizationjobIdMicrosoftGraphProvisionondemandPostRequestbodyContentApplicationJsonSchema>: . [(Any) <Object>]: This indicates any property can be added to this object. [Parameters <IMicrosoftGraphSynchronizationJobApplicationParameters[]>]: [RuleId <String>]: The identifier of the synchronizationRule to be applied. This rule ID is defined in the schema for a given synchronization job or template. [Subjects <IMicrosoftGraphSynchronizationJobSubject[]>]: The identifiers of one or more objects to which a synchronizationJob is to be applied. [Links <IMicrosoftGraphSynchronizationLinkedObjects>]: synchronizationLinkedObjects [(Any) <Object>]: This indicates any property can be added to this object. [Manager <IMicrosoftGraphSynchronizationJobSubject>]: synchronizationJobSubject [Members <IMicrosoftGraphSynchronizationJobSubject[]>]: All group members that you would like to provision. [Owners <IMicrosoftGraphSynchronizationJobSubject[]>]: [ObjectId <String>]: The identifier of an object to which a synchronizationJob is to be applied. Can be one of the following: An onPremisesDistinguishedName for synchronization from Active Directory to Azure AD.The user ID for synchronization from Microsoft Entra ID to a third-party.The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Microsoft Entra ID. [ObjectTypeName <String>]: The type of the object to which a synchronizationJob is to be applied. Can be one of the following: user for synchronizing between Active Directory and Azure AD.User for synchronizing a user between Microsoft Entra ID and a third-party application. Worker for synchronization a user between Workday and either Active Directory or Microsoft Entra ID.Group for synchronizing a group between Microsoft Entra ID and a third-party application.

INPUTOBJECT <IApplicationsIdentity>: Identity Parameter [AppId <String>]: Alternate key of application [AppManagementPolicyId <String>]: The unique identifier of appManagementPolicy [AppRoleAssignmentId <String>]: The unique identifier of appRoleAssignment [ApplicationId <String>]: The unique identifier of application [ApplicationTemplateId <String>]: The unique identifier of applicationTemplate [ClaimsMappingPolicyId <String>]: The unique identifier of claimsMappingPolicy [DelegatedPermissionClassificationId <String>]: The unique identifier of delegatedPermissionClassification [DirectoryDefinitionId <String>]: The unique identifier of directoryDefinition [DirectoryObjectId <String>]: The unique identifier of directoryObject [EndpointId <String>]: The unique identifier of endpoint [ExtensionPropertyId <String>]: The unique identifier of extensionProperty [FederatedIdentityCredentialId <String>]: The unique identifier of federatedIdentityCredential [GroupId <String>]: The unique identifier of group [HomeRealmDiscoveryPolicyId <String>]: The unique identifier of homeRealmDiscoveryPolicy [Name <String>]: Alternate key of federatedIdentityCredential [OAuth2PermissionGrantId <String>]: The unique identifier of oAuth2PermissionGrant [ServicePrincipalId <String>]: The unique identifier of servicePrincipal [SynchronizationJobId <String>]: The unique identifier of synchronizationJob [SynchronizationTemplateId <String>]: The unique identifier of synchronizationTemplate [TargetDeviceGroupId <String>]: The unique identifier of targetDeviceGroup [TokenIssuancePolicyId <String>]: The unique identifier of tokenIssuancePolicy [TokenLifetimePolicyId <String>]: The unique identifier of tokenLifetimePolicy [UniqueName <String>]: Alternate key of application [UserId <String>]: The unique identifier of user

PARAMETERS <IMicrosoftGraphSynchronizationJobApplicationParameters[]>: . [RuleId <String>]: The identifier of the synchronizationRule to be applied. This rule ID is defined in the schema for a given synchronization job or template. [Subjects <IMicrosoftGraphSynchronizationJobSubject[]>]: The identifiers of one or more objects to which a synchronizationJob is to be applied. [Links <IMicrosoftGraphSynchronizationLinkedObjects>]: synchronizationLinkedObjects [(Any) <Object>]: This indicates any property can be added to this object. [Manager <IMicrosoftGraphSynchronizationJobSubject>]: synchronizationJobSubject [Members <IMicrosoftGraphSynchronizationJobSubject[]>]: All group members that you would like to provision. [Owners <IMicrosoftGraphSynchronizationJobSubject[]>]: [ObjectId <String>]: The identifier of an object to which a synchronizationJob is to be applied. Can be one of the following: An onPremisesDistinguishedName for synchronization from Active Directory to Azure AD.The user ID for synchronization from Microsoft Entra ID to a third-party.The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Microsoft Entra ID. [ObjectTypeName <String>]: The type of the object to which a synchronizationJob is to be applied. Can be one of the following: user for synchronizing between Active Directory and Azure AD.User for synchronizing a user between Microsoft Entra ID and a third-party application. Worker for synchronization a user between Workday and either Active Directory or Microsoft Entra ID.Group for synchronizing a group between Microsoft Entra ID and a third-party application.