Can onPremisesSyncEnabled (Microsoft Graph API) be used to monitor if the Azure AD is in sync?

Question

We would like to monitor (check periodically) if Azure Active Directory is in sync with on-prem infrastructure. Azure AD Connect is used to sync the data to Azure.

Based on the documentation: https://learn.microsoft.com/en-us/graph/api/resources/organization?view=graph-rest-1.0 there is value: "onPremisesSyncEnabled" that has value "true if this object is synced from an on-premises directory; false if this object was originally synced from an on-premises directory but is no longer synced; null if this object has never been synced from an on-premises directory (default)."

If I read that correctly that flag might be used for monitoring (false - currently is not sync, true - currently is in sync). However I don't have any environment to test that it is working this way. Anybody has tested if that works this way?

Answer 1

As far as I know, there are three options:

1. true --> your user was created on premise and is synchronized
2. false -> your user was created on cloud and is synchronized
3. null -> your user was created on cloud and is not synchronized

I hope it helps https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0#properties

Answer 2

Yes. Your understanding is correct.

I have an environment which is in sync with on-premise. When I call GET https://graph.microsoft.com/v1.0/organization, it will return "onPremisesSyncEnabled": true.

For another environment which has never been synced, it shows "onPremisesSyncEnabled": null.