PowerShell - Copy ObjectGuid to MS-DS-ConsistencyGuid

 

I'm not going to go into much detail on why this is needed; I just wanted to provide a quick and easy way to automate this task with PowerShell. If you plan on leveraging this to handle forest migrations and plan to use mS-DS-ConsistencyGuid as the source anchor in Azure AD, make sure to research these changes and test them first. Azure AD Connect will require some configuration that won't be covered in this post.

 

This script sample can be run as a scheduled task or run by an admin as needed. It only updates group and user objects whose mS-DS-ConsistencyGuid attribute contains no value. Unlike most of my scripts, I am not looping through the domains in a forest.

 

 # Find non-critical user and group objects with no mS-DS-ConsistencyGuid value
 # and write each object's own ObjectGUID into that attribute.
 Get-ADObject -LDAPFilter "(&(|(objectClass=user)(objectClass=group))(!(IsCriticalSystemObject=TRUE))(!(mS-DS-ConsistencyGuid=*)))" `
     -Properties mail, userprincipalname, objectguid, 'mS-DS-ConsistencyGuid' | ForEach-Object {
         Set-ADObject -Identity $_.DistinguishedName -Replace @{'mS-DS-ConsistencyGuid'=$($_.objectguid)}
     }

Use this to verify that it worked:

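 # Show the first 10 objects with mS-DS-ConsistencyGuid rendered as a GUID next to ObjectGUID.
 # sAMAccountName is requested explicitly because Get-ADObject does not return it by default.
 Get-ADObject -LDAPFilter "(&(|(objectClass=user)(objectClass=group))(!(IsCriticalSystemObject=TRUE)))" `
     -Properties samaccountname, mail, userprincipalname, objectguid, 'mS-DS-ConsistencyGuid' | Select-Object `
     samaccountname, mail, objectguid, @{name='ms-ds-consistencyguid';expression={[guid]$_.'ms-ds-consistencyguid'}} -First 10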
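The check above only shows the first 10 objects. The following is an added example, not part of the original post, that audits every object matched by the same filter and classifies the state of its mS-DS-ConsistencyGuid value. The `$reportPath` location and the state names are assumptions made for this illustration.

```powershell
# Added example (not from the original post): full audit of the source anchor attribute.
Import-Module ActiveDirectory

# Assumption: hypothetical output location for the exceptions report.
$reportPath = Join-Path $env:TEMP 'ConsistencyGuidAudit.csv'

# Same scope as the scripts above. Note that (objectClass=user) also matches
# computer accounts, so ObjectClass is included in the report.
$filter = '(&(|(objectClass=user)(objectClass=group))(!(IsCriticalSystemObject=TRUE)))'

$report = Get-ADObject -LDAPFilter $filter -Properties sAMAccountName, 'mS-DS-ConsistencyGuid' |
    ForEach-Object {
        $raw    = $_.'mS-DS-ConsistencyGuid'
        $anchor = $null

        if ($null -eq $raw) {
            $state = 'Empty'                      # would still be picked up by the copy script
        }
        elseif ($raw.Length -ne 16) {
            $state = 'NotAGuid'                   # octet string that cannot be shown as a GUID
        }
        else {
            $anchor = [guid]::new([byte[]]$raw)   # same byte order as ObjectGUID
            $state  = if ($anchor -eq $_.ObjectGUID) { 'MatchesObjectGuid' } else { 'Differs' }
        }

        [pscustomobject]@{
            SamAccountName    = $_.sAMAccountName
            ObjectClass       = $_.ObjectClass
            ObjectGuid        = $_.ObjectGUID
            ConsistencyGuid   = $anchor
            State             = $state
            DistinguishedName = $_.DistinguishedName
        }
    }

# Summary per state, then a CSV of everything that is not a straight copy of ObjectGUID.
$report | Group-Object State | Select-Object Name, Count
$report | Where-Object State -ne 'MatchesObjectGuid' |
    Export-Csv -Path $reportPath -NoTypeInformation
```

A `Differs` row is not an error by itself: the copy script never overwrites an existing value, so any object that already had an anchor keeps it. `Empty` rows after a run are the ones to investigate.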

 

update:

Results