This is a PowerShell module that wraps the official ESET Active Directory Scanner to allow synchronization of AzureAD joined systems with ESET PROTECT Cloud through the Microsoft Graph API. It takes an object with at least the following information:

```powershell
# DeviceId can be any string as long as it's unique to the device
$Computers = @{
    "DisplayName" = "Computer-Display-Name"
    "DeviceId" = "00000000-0000-0000-0000-000000000000"
}
```

- PowerShell v7 or higher
- The Microsoft.Graph.Identity.DirectoryManagement PowerShell module
- An ESET PROTECT account with the AD Scanner Access Token: Write permission
- An Agent GPO Deployment Script
- An Active Directory Synchronization Token

- The Microsoft.Graph.Identity.DirectoryManagement PowerShell module:

```powershell
Install-Module Microsoft.Graph.Identity.DirectoryManagement
```

First, download the ESET Active Directory Scanner and extract it to the ActiveDirectoryScanner folder. You can also use the helper script to do this for you:

```powershell
./Get-ADScanner.ps1
```

A very basic usage example would be something like this:

```powershell
Import-Module '.\AzureADScanner'
$Token = "<base64 token>"
$Computers = @{
    "DisplayName" = "DESKTOP-ABC123"
    "DeviceId" = "e5b71636-7d5e-4904-8b13-c03b8efc611f"
}
$Computers | Invoke-AzureADSync -Token $Token
```

A more advanced example can be found in the ADSync.ps1 file.
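
The following is an added example, not code from this project or its ADSync.ps1: it builds the `DisplayName`/`DeviceId` objects from Microsoft Graph device records, keeping only enabled, Azure AD joined devices with a unique `DeviceId`. The function name `ConvertTo-SyncComputer`, the 90-day staleness cut-off and the sample records are assumptions made for illustration, as is passing several hashtables down the pipeline at once.

```powershell
# Hypothetical helper (not part of the AzureADScanner module): turns Graph device
# records into the DisplayName/DeviceId hashtables shown in the usage example.
function ConvertTo-SyncComputer {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [object] $Device,
        [int] $MaxStaleDays = 90,        # assumption: cut-off for inactive devices
        [datetime] $Now = (Get-Date)
    )
    begin {
        $seen = [System.Collections.Generic.HashSet[string]]::new(
            [System.StringComparer]::OrdinalIgnoreCase)
    }
    process {
        # Skip disabled devices and ones that are only registered or hybrid joined.
        if (-not $Device.AccountEnabled -or $Device.TrustType -ne 'AzureAd') { return }
        # Both fields are needed for the sync object.
        if ([string]::IsNullOrWhiteSpace($Device.DisplayName) -or
            [string]::IsNullOrWhiteSpace($Device.DeviceId)) { return }
        # Skip devices whose last sign-in is older than the cut-off.
        $last = $Device.ApproximateLastSignInDateTime
        if ($last -and ($Now - $last).TotalDays -gt $MaxStaleDays) { return }
        # DeviceId must be unique to the device: drop repeats and report them.
        if (-not $seen.Add($Device.DeviceId)) {
            Write-Warning "Duplicate DeviceId skipped: $($Device.DeviceId)"
            return
        }
        @{ "DisplayName" = $Device.DisplayName; "DeviceId" = $Device.DeviceId }
    }
}

# Constructed sample records using the property names Get-MgDevice returns.
$now = Get-Date
$sample = @(
    [pscustomobject]@{ DisplayName = 'DESKTOP-ABC123'; DeviceId = 'e5b71636-7d5e-4904-8b13-c03b8efc611f'
        TrustType = 'AzureAd'; AccountEnabled = $true; ApproximateLastSignInDateTime = $now.AddDays(-2) }
    [pscustomobject]@{ DisplayName = 'DESKTOP-ABC123'; DeviceId = 'E5B71636-7D5E-4904-8B13-C03B8EFC611F'
        TrustType = 'AzureAd'; AccountEnabled = $true; ApproximateLastSignInDateTime = $now.AddDays(-1) }
    [pscustomobject]@{ DisplayName = 'BYOD-PHONE'; DeviceId = '11111111-1111-1111-1111-111111111111'
        TrustType = 'Workplace'; AccountEnabled = $true; ApproximateLastSignInDateTime = $now }
    [pscustomobject]@{ DisplayName = 'OLD-LAPTOP'; DeviceId = '22222222-2222-2222-2222-222222222222'
        TrustType = 'AzureAd'; AccountEnabled = $true; ApproximateLastSignInDateTime = $now.AddDays(-400) }
)
$Computers = @($sample | ConvertTo-SyncComputer)
$Computers | ForEach-Object { '{0}  {1}' -f $_.DeviceId, $_.DisplayName }

# Against a live tenant (after Connect-MgGraph -Scopes 'Device.Read.All'):
#   $Computers = Get-MgDevice -All | ConvertTo-SyncComputer
#   $Computers | Invoke-AzureADSync -Token $Token
```
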
The following parameters are currently supported:
Name | Description | Default | Required | Remarks |
---|---|---|---|---|
-Computers | Object containing computers to synchronize | '' | Yes | Pipeline variable |
-InstallConfig | Path to install_config.ini | .\install_config.ini | No | |
-MaxComputers | Maximum number of computers to synchronize | 100 | No | |
-GroupName | Child group to place computers in | '' | No | |
-RequestInterval | Request interval | 60 | No | |
-Addonly | Only add new computers, do not delete | false | No | |
-Token | AD Sync token | '' | No | Only required for first run. |
-Force | Force synchronization | false | No | |