Fixes #2 - it's possible to test to see if the userCertificate attribute itself has been updated (using Get-ADReplicationAttributeMetadata), which means there's no need to compare Modified and Created to make sure it was created within the last 5 hours
It will also mean computers leaving Hybrid Azure AD and then rejoining (using dscmd.exe /leave, which clears/recreates 'usercertificate' without updating 'Created') can also be detected and synced more quickly.
I've also updated a couple of $null comparators so they meet PowerShell best practice
I love this update, thank you so much for contributing! Makes a lot more sense to check for the replication metadata, I didn't know that was possible. 👍
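The check described in this pull request, sketched as an added example (not code from the pull request or the project): filter on the replication metadata of `userCertificate` instead of comparing `Modified` with `Created`. The function name, the sample objects and the `$dc`/`$ou` placeholders are hypothetical; the property names are those returned by `Get-ADReplicationAttributeMetadata`.

```powershell
# Added example. Select-RecentCertificateChange is a hypothetical helper name.
function Select-RecentCertificateChange {
    [CmdletBinding()]
    param(
        # One replication metadata record per pipeline item
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Metadata,
        [int]$WithinHours = 5,
        [datetime]$Now = (Get-Date)
    )
    begin { $cutoff = $Now.AddHours(-$WithinHours) }
    process {
        # Only the userCertificate attribute is of interest
        if ($Metadata.AttributeName -ne 'userCertificate') { return }
        # $null goes on the left so the comparison stays scalar
        if ($null -eq $Metadata.LastOriginatingChangeTime) { return }
        if ($Metadata.LastOriginatingChangeTime -ge $cutoff) {
            [pscustomobject]@{
                Computer           = $Metadata.Object
                CertificateChanged = $Metadata.LastOriginatingChangeTime
                Version            = $Metadata.Version
            }
        }
    }
}

# Constructed sample records standing in for cmdlet output (no domain needed).
$now = Get-Date '2024-01-10T12:00:00'
$sample = @(
    # Newly joined device: certificate written an hour ago
    [pscustomobject]@{ Object = 'CN=PC-NEW,OU=Workstations,DC=example,DC=test'
        AttributeName = 'userCertificate'; LastOriginatingChangeTime = $now.AddHours(-1); Version = 1 }
    # Old object that left and rejoined: attribute rewritten, 'Created' unchanged
    [pscustomobject]@{ Object = 'CN=PC-REJOINED,OU=Workstations,DC=example,DC=test'
        AttributeName = 'userCertificate'; LastOriginatingChangeTime = $now.AddHours(-2); Version = 3 }
    # Long-registered device: nothing to do
    [pscustomobject]@{ Object = 'CN=PC-OLD,OU=Workstations,DC=example,DC=test'
        AttributeName = 'userCertificate'; LastOriginatingChangeTime = $now.AddDays(-90); Version = 1 }
)
$sample | Select-RecentCertificateChange -Now $now   # emits PC-NEW and PC-REJOINED

# Against a live domain ($dc and $ou are placeholders):
# Get-ADComputer -Filter 'userCertificate -like "*"' -SearchBase $ou |
#     Get-ADReplicationAttributeMetadata -Server $dc -Properties userCertificate |
#     Select-RecentCertificateChange
```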