How to check if the tenant account used for monitoring Azure AD, Exchange Online or SharePoint Online is cloud-only

Azure AD and Office 365
9.0-9.7
9.8
9.9
https://kb.netwrix.com/5032
Copy Article URL Copied

Azure AD, Exchange Online and SharePoint Online monitoring require a tenant account that was initially created in the cloud and not synced from on-premise Active Directory.

The quickest way to check that is to open the Azure AD Admin Center, go to Users and check the Source. It should be Azure Active Directory (not Windows Server AD).

Alternatively, you can use the following sequence of commands in Powershell:

install-module AzureAD

connect-AzureAD

get-azureaduser -objectID “username@domain.onmicrosoft.com” | select -property displayname,dirsyncenabled

For an account migrated from on-prem AD, the dirsyncenabled propery will return either true or false.

For a cloud-only account, the dirsyncenabled propery will return null.

Go Up