New-MgServicePrincipalSynchronizationJobOnDemand
Select a user and provision the account on-demand. The rate limit for this API is 5 requests per 10 seconds.
Note
To view the beta release of this cmdlet, view New-MgBetaServicePrincipalSynchronizationJobOnDemand
Syntax
New-MgServicePrincipalSynchronizationJobOnDemand
-ServicePrincipalId <String>
-SynchronizationJobId <String>
[-ResponseHeadersVariable <String>]
[-AdditionalProperties <Hashtable>]
[-Parameters <IMicrosoftGraphSynchronizationJobApplicationParameters[]>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] New-MgServicePrincipalSynchronizationJobOnDemand
-ServicePrincipalId <String>
-SynchronizationJobId <String>
-BodyParameter <IPathsJgtujvServiceprincipalsServiceprincipalIdSynchronizationJobsSynchronizationjobIdMicrosoftGraphProvisionondemandPostRequestbodyContentApplicationJsonSchema>
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] New-MgServicePrincipalSynchronizationJobOnDemand
-InputObject <IApplicationsIdentity>
[-ResponseHeadersVariable <String>]
[-AdditionalProperties <Hashtable>]
[-Parameters <IMicrosoftGraphSynchronizationJobApplicationParameters[]>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] New-MgServicePrincipalSynchronizationJobOnDemand
-InputObject <IApplicationsIdentity>
-BodyParameter <IPathsJgtujvServiceprincipalsServiceprincipalIdSynchronizationJobsSynchronizationjobIdMicrosoftGraphProvisionondemandPostRequestbodyContentApplicationJsonSchema>
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
Select a user and provision the account on-demand. The rate limit for this API is 5 requests per 10 seconds.
Permissions
| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | Synchronization.ReadWrite.All, |
| Delegated (personal Microsoft account) | Not supported |
| Application | Application.ReadWrite.OwnedBy, Synchronization.ReadWrite.All, |
Examples
Example 1: Provision users from Microsoft Entra ID to third-party applications
Import-Module Microsoft.Graph.Applications
$params = @{
parameters = @(
@{
subjects = @(
@{
objectId = "9bb0f679-a883-4a6f-8260-35b491b8b8c8"
objectTypeName = "User"
}
)
ruleId = "ea807875-5618-4f0a-9125-0b46a05298ca"
}
)
}
New-MgServicePrincipalSynchronizationJobOnDemand -ServicePrincipalId $servicePrincipalId -SynchronizationJobId $synchronizationJobId -BodyParameter $paramsThis example will provision users from microsoft entra id to third-party applications
Example 2: Sync on-demand from Active Directory to Microsoft Entra ID (Microsoft Entra Cloud Sync)
Import-Module Microsoft.Graph.Applications
$params = @{
parameters = @(
@{
ruleId = "6c409270-f78a-4bc6-af23-7cf3ab6482fe"
subjects = @(
@{
objectId = "CN=AdeleV,CN=Users,DC=corp,DC=chicago,DC=com"
objectTypeName = "user"
}
)
}
)
}
New-MgServicePrincipalSynchronizationJobOnDemand -ServicePrincipalId $servicePrincipalId -SynchronizationJobId $synchronizationJobId -BodyParameter $paramsThis example will sync on-demand from active directory to microsoft entra id (microsoft entra cloud sync)
Example 3: Provision a group and two of its members on demand
Import-Module Microsoft.Graph.Applications
$params = @{
parameters = @(
@{
ruleId = "33f7c90d-bf71-41b1-bda6-aaf0ddbee5d8#V2"
subjects = @(
@{
objectId = "8213fd99-d6b6-417b-8e13-af6334856215"
objectTypeName = "Group"
links = @{
members = @(
@{
objectId = "cbc86211-6ada-4803-b73f-8039cf56d8a2"
objectTypeName = "User"
}
@{
objectId = "2bc86211-6ada-4803-b73f-8039cf56d8a2"
objectTypeName = "User"
}
)
}
}
)
}
)
}
New-MgServicePrincipalSynchronizationJobOnDemand -ServicePrincipalId $servicePrincipalId -SynchronizationJobId $synchronizationJobId -BodyParameter $paramsThis example will provision a group and two of its members on demand
Parameters
-AdditionalProperties
Additional Parameters
| Type: | Hashtable |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-BodyParameter
To construct, see NOTES section for BODYPARAMETER properties and create a hash table.
| Type: | IPathsJgtujvServiceprincipalsServiceprincipalIdSynchronizationJobsSynchronizationjobIdMicrosoftGraphProvisionondemandPostRequestbodyContentApplicationJsonSchema |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Headers
Optional headers that will be added to the request.
| Type: | IDictionary |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-InputObject
Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
| Type: | IApplicationsIdentity |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Parameters
To construct, see NOTES section for PARAMETERS properties and create a hash table.
| Type: | IMicrosoftGraphSynchronizationJobApplicationParameters[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ProgressAction
{{ Fill ProgressAction Description }}
| Type: | ActionPreference |
| Aliases: | proga |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResponseHeadersVariable
Optional Response Headers Variable.
| Type: | String |
| Aliases: | RHV |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ServicePrincipalId
The unique identifier of servicePrincipal
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SynchronizationJobId
The unique identifier of synchronizationJob
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.Graph.PowerShell.Models.IApplicationsIdentity
Microsoft.Graph.PowerShell.Models.IPathsJgtujvServiceprincipalsServiceprincipalIdSynchronizationJobsSynchronizationjobIdMicrosoftGraphProvisionondemandPostRequestbodyContentApplicationJsonSchema
System.Collections.IDictionary
Outputs
Microsoft.Graph.PowerShell.Models.IMicrosoftGraphStringKeyStringValuePair
Notes
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
BODYPARAMETER <IPathsJgtujvServiceprincipalsServiceprincipalIdSynchronizationJobsSynchronizationjobIdMicrosoftGraphProvisionondemandPostRequestbodyContentApplicationJsonSchema>: .
[(Any) <Object>]: This indicates any property can be added to this object.[Parameters <IMicrosoftGraphSynchronizationJobApplicationParameters-[]>]:[RuleId <String>]: The identifier of the synchronizationRule to be applied. This rule ID is defined in the schema for a given synchronization job or template.[Subjects <IMicrosoftGraphSynchronizationJobSubject-[]>]: The identifiers of one or more objects to which a synchronizationJob is to be applied.[Links <IMicrosoftGraphSynchronizationLinkedObjects>]: synchronizationLinkedObjects[(Any) <Object>]: This indicates any property can be added to this object.[Manager <IMicrosoftGraphSynchronizationJobSubject>]: synchronizationJobSubject[Members <IMicrosoftGraphSynchronizationJobSubject-[]>]: All group members that you would like to provision.[Owners <IMicrosoftGraphSynchronizationJobSubject-[]>]:
[ObjectId <String>]: The identifier of an object to which a synchronizationJob is to be applied. Can be one of the following: An onPremisesDistinguishedName for synchronization from Active Directory to Azure AD.The user ID for synchronization from Microsoft Entra ID to a third-party.The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Microsoft Entra ID.[ObjectTypeName <String>]: The type of the object to which a synchronizationJob is to be applied. Can be one of the following: user for synchronizing between Active Directory and Azure AD.User for synchronizing a user between Microsoft Entra ID and a third-party application. Worker for synchronization a user between Workday and either Active Directory or Microsoft Entra ID.Group for synchronizing a group between Microsoft Entra ID and a third-party application.
INPUTOBJECT <IApplicationsIdentity>: Identity Parameter
[AppId <String>]: Alternate key of application[AppManagementPolicyId <String>]: The unique identifier of appManagementPolicy[AppRoleAssignmentId <String>]: The unique identifier of appRoleAssignment[ApplicationId <String>]: The unique identifier of application[ApplicationTemplateId <String>]: The unique identifier of applicationTemplate[ClaimsMappingPolicyId <String>]: The unique identifier of claimsMappingPolicy[DelegatedPermissionClassificationId <String>]: The unique identifier of delegatedPermissionClassification[DirectoryDefinitionId <String>]: The unique identifier of directoryDefinition[DirectoryObjectId <String>]: The unique identifier of directoryObject[EndpointId <String>]: The unique identifier of endpoint[ExtensionPropertyId <String>]: The unique identifier of extensionProperty[FederatedIdentityCredentialId <String>]: The unique identifier of federatedIdentityCredential[GroupId <String>]: The unique identifier of group[HomeRealmDiscoveryPolicyId <String>]: The unique identifier of homeRealmDiscoveryPolicy[Name <String>]: Alternate key of federatedIdentityCredential[OAuth2PermissionGrantId <String>]: The unique identifier of oAuth2PermissionGrant[ServicePrincipalId <String>]: The unique identifier of servicePrincipal[SynchronizationJobId <String>]: The unique identifier of synchronizationJob[SynchronizationTemplateId <String>]: The unique identifier of synchronizationTemplate[TargetDeviceGroupId <String>]: The unique identifier of targetDeviceGroup[TokenIssuancePolicyId <String>]: The unique identifier of tokenIssuancePolicy[TokenLifetimePolicyId <String>]: The unique identifier of tokenLifetimePolicy[UniqueName <String>]: Alternate key of application[UserId <String>]: The unique identifier of user
PARAMETERS <IMicrosoftGraphSynchronizationJobApplicationParameters- []>: .
[RuleId <String>]: The identifier of the synchronizationRule to be applied. This rule ID is defined in the schema for a given synchronization job or template.[Subjects <IMicrosoftGraphSynchronizationJobSubject-[]>]: The identifiers of one or more objects to which a synchronizationJob is to be applied.[Links <IMicrosoftGraphSynchronizationLinkedObjects>]: synchronizationLinkedObjects[(Any) <Object>]: This indicates any property can be added to this object.[Manager <IMicrosoftGraphSynchronizationJobSubject>]: synchronizationJobSubject[Members <IMicrosoftGraphSynchronizationJobSubject-[]>]: All group members that you would like to provision.[Owners <IMicrosoftGraphSynchronizationJobSubject-[]>]:
[ObjectId <String>]: The identifier of an object to which a synchronizationJob is to be applied. Can be one of the following: An onPremisesDistinguishedName for synchronization from Active Directory to Azure AD.The user ID for synchronization from Microsoft Entra ID to a third-party.The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Microsoft Entra ID.[ObjectTypeName <String>]: The type of the object to which a synchronizationJob is to be applied. Can be one of the following: user for synchronizing between Active Directory and Azure AD.User for synchronizing a user between Microsoft Entra ID and a third-party application. Worker for synchronization a user between Workday and either Active Directory or Microsoft Entra ID.Group for synchronizing a group between Microsoft Entra ID and a third-party application.