Hard match existing O365 users to on premises accounts

From time to time, when migrating email from on-premises Exchange to O365, users may already exist in the tenant. More often than not, when you then set up Azure AD Connect (AADC), it will duplicate those users. The process below matches the existing O365 account to the on-premises identity using the ImmutableID.

1. Delete the synced account from Azure AD (via PowerShell connected to Azure AD):

Remove-MsolUser -UserPrincipalName upn@tenant.co.uk

2. Remove it from the Recycle Bin:

Remove-MsolUser -UserPrincipalName upn@tenant.co.uk -RemoveFromRecycleBin

3. Get the ObjectGUID from AD. On a DC, run this at a cmd prompt:

ldifde -f export.txt -r "(Userprincipalname=*)" -l "objectGuid, userPrincipalName"

This will generate a txt file listing all users in the domain by DN along with their ObjectGUID.

4. Locate the user in the text file and make a note of the ObjectGUID.

5. Check that the O365 user has no ImmutableID:

Get-MsolUser -UserPrincipalName users@domain.onmicrosoft.com | fl userprincipalname, ImmutableID

6. Set the user's ImmutableID to the GUID located previously:

Set-MsolUser -UserPrincipalName upn@tenant.com -ImmutableId <ObjectGUID>

Re-run Azure AD Connect and the account should now match.
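The steps above, carried out in one PowerShell function, as an added example that is not part of the original post. It assumes the ActiveDirectory and MSOnline modules are installed, that Connect-MsolService has already been run, and that the function name Set-HardMatch and the two UPNs are placeholders of mine. It reads the ObjectGUID straight from AD rather than from export.txt and converts it to base64, which is the form Azure AD stores as ImmutableId (and the same form ldifde writes after "objectGUID::", so a value copied from the export can be compared against it). It also adds the check the manual procedure relies on you doing by eye: it refuses to overwrite an ImmutableId that is already set to something else, since that cloud account is already anchored to a different AD object.

```powershell
# Added example, not part of the original post. Assumes the ActiveDirectory and
# MSOnline modules are installed and Connect-MsolService has already been run.
# Set-HardMatch and both UPNs are placeholders.
function Set-HardMatch {
    param(
        [Parameter(Mandatory)] [string] $OnPremUpn,   # e.g. user@corp.example (placeholder)
        [Parameter(Mandatory)] [string] $CloudUpn     # e.g. user@tenant.onmicrosoft.com (placeholder)
    )

    # Read the objectGUID from on-premises AD. Azure AD stores the source anchor
    # as the base64 encoding of the GUID's 16 bytes, which is also how ldifde
    # writes it in export.txt (the "objectGUID::" double colon means base64).
    $adUser = Get-ADUser -Filter "UserPrincipalName -eq '$OnPremUpn'" -Properties objectGUID
    if (-not $adUser) { throw "No on-premises user with UPN $OnPremUpn" }
    $expected = [System.Convert]::ToBase64String($adUser.ObjectGUID.ToByteArray())

    # Inspect the cloud account before writing (step 5 of the procedure).
    # Refuse to overwrite an existing ImmutableId: that account is already
    # matched to some other AD object, and re-pointing it would hand the
    # mailbox to a different identity.
    $cloudUser = Get-MsolUser -UserPrincipalName $CloudUpn -ErrorAction Stop
    if ($cloudUser.ImmutableId) {
        if ($cloudUser.ImmutableId -eq $expected) {
            Write-Output "Already matched: ImmutableId is $expected"
            return
        }
        throw "$CloudUpn already has ImmutableId $($cloudUser.ImmutableId); not overwriting"
    }

    # Hard match (step 6): stamp the base64 GUID on the cloud account, then
    # read it back to confirm the write landed before AADC runs.
    Set-MsolUser -UserPrincipalName $CloudUpn -ImmutableId $expected
    $after = Get-MsolUser -UserPrincipalName $CloudUpn
    if ($after.ImmutableId -ne $expected) { throw 'ImmutableId was not written' }
    Write-Output "ImmutableId for $CloudUpn set to $expected"
}

# Usage (placeholders):
#   Set-HardMatch -OnPremUpn 'user@corp.example' -CloudUpn 'user@tenant.onmicrosoft.com'
# Then, on the AADC server, trigger the sync rather than waiting for the schedule:
#   Start-ADSyncSyncCycle -PolicyType Delta
```

If you are copying the value out of export.txt by hand instead, paste the base64 string that follows "objectGUID::" unchanged; a hyphenated GUID string such as the one ADUC displays is not the same value and will not match. One caveat: newer AADC installations default to ms-DS-ConsistencyGuid rather than objectGUID as the source anchor. AADC populates that attribute from objectGUID on first sync, so the value is normally identical, but if it has already been written with something else, the ImmutableId must match ms-DS-ConsistencyGuid, not objectGUID.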
