private/review/entra/identity/hybridmanagement/Invoke-ReviewEntraHybridPasswordHashSync.ps1
function Invoke-ReviewEntraHybridPasswordHashSync { <# .SYNOPSIS Check that password hash sync is enabled for hybrid deployments. .DESCRIPTION Returns review object. .EXAMPLE Invoke-ReviewEntraHybridPasswordHashSync; #> [cmdletbinding()] param ( ) BEGIN { # Get the hybrid AD connect status. $adConnectStatus = Get-EntraIdHybridAdConnectStatus; # Get the hybrid AD connect password sync status. $adConnectPasswordSyncStatus = Get-EntraIdHybridAdConnectPasswordSyncStatus; # Boolean for the settings is correct. [bool]$valid = $true; } PROCESS { # If the AD connect is enabled. if ($true -eq $adConnectStatus.dirSyncEnabled) { # If the AD connect password sync is disabled. if ($false -eq $adConnectPasswordSyncStatus) { # Set bool. $valid = $false; } } } END { # Bool for review flag. [bool]$reviewFlag = $false; # If review flag should be set. if ($false -eq $valid) { # Should be reviewed. $reviewFlag = $true; } # Create new review object to return. [Review]$review = [Review]::new(); # Add to object. $review.Id = 'ac82d275-9102-4df6-bf3c-ca012a74a306'; $review.Category = 'Microsoft Entra Admin Center'; $review.Subcategory = 'Identity'; $review.Title = 'Ensure that password hash sync is enabled for hybrid deployments'; $review.Data = [PSCustomObject]@{ dirSyncEnabled = $adConnectStatus.dirSyncEnabled; passwordSyncEnabled = $adConnectPasswordSyncStatus; }; $review.Review = $reviewFlag; # Print result. $review.PrintResult(); # Return object. return $review; } } |