How to do Hard match in Dirsync?


There are 2 types of matching we do during Dirsync

  1. Soft Match
  2. Hard Match

 

In this post we will see how to do Hard Match in Dirsync.

Post writing this post my colleague and friend Elvin pointed out that there was another easier way to find Immutable ID. I have covered that in the next post.

Click the above link to know more

Here are the broad level steps that we do to implement Dirsync between on-prem and cloud

  • Get the ObjectGuid from the onpremise for the user
  • Rearrange the ObjectGuid
  • Convert the ObjectGuid to an ImmutableID
  • Update the cloud user with the Immutable ID
  • Run Dirsync

 

 

Get the ObjectGuid from the onpremise for the user

  • Go to Adsiedit.msc
  • Right click ADSI Edit and say Connect to and select "Default naming context"
  • Double click the Domain partition and navigate to the OU the concerned user is present and select the user properties
  • Copy the value of ObjectGuid to a notepad

 

Rearrange the ObjectGuid as shown below

ObjectGuid  :                                                                         44 31 E2 46 77 83 3E 48 A8 7E B6 76 9D B6 2E ED

Group the GUID as shown here:                                        44 31 E2 46 77 83 3E 48 A8 7E B6 76 9D B6 2E ED

Rearrange Hexa bits within the group as done Here:    46 E2 31 44 83 77 48 3E A8 7E  B6 76 9D B6 2E ED

Write the rearranged Bits as shown here :                      46E231448377483EA87E-B6769DB62EED

Convert the ObjectGuid to an ImmutableID

Now that we have the object Guid in the format we want  download the script from the link below that converts Object Guid to Immutable ID and vice versa

http://gallery.technet.microsoft.com/office/Covert-DirSyncMS-Online-5f3563b1/description

Right click on the downloaded Script and click properties and say Unblock

 

Now open a Windows powershell navigate to the place where the Script was saved

Invoke the script and pass the Guid ID we got from the above step

PS C:\Users\praveen\Desktop\CAP\Immutable ID> .\GUID2ImmutableID.ps1

Value provided not in GUID or ImmutableID format.

Please Supply the value you want converted

Examples:

To convert a GUID to an Immutable ID: GUID2ImmutableID.ps1 '748b2d72-706b-42f8-8b25-82fd8733860f'

To convert an ImmutableID to a GUID: GUID2ImmutableID.ps1 'ci2LdGtw+EKLJYL9hzOGDw=='

 

PS C:\Users\praveen\Desktop\CAP\Immutable ID> .\GUID2ImmutableID.ps1 46E23144-8377-483E-A87E-B6769DB62EED

ImmutableID

—————–

RDHiRneDPkiofrZ2nbYu7Q==

 

 

 

Update the cloud user with the Immutable ID

Now open Windows Azure Powershell for Office 365  and run the below command

Set-MsolUser -UserPrincipalName User@domain.com -ImmutableId RDHiRneDPkiofrZ2nbYu7Q==

 

Here  User@domain.com is the UPN of the user who is in cloud and we want to sync the on-premise user to sync to.

 

Run Dirsync

Now force an Dirsync to connect the users 

Note: Due to replication and delay in onprem and cloud we might have to wait for some time and force Dirsync couple of times.

Comments (22)

  1. Anonymous says:

    Yes, we can do that. I found out a workaround that helps to do for all users with help of my friend. Will write a post on that soon.

  2. Anonymous says:

    Thanks Shivam

  3. Anonymous says:

    Hello Raymond, Please find the below link that talks about what you are looking for

    http://blogs.technet.com/b/praveenkumar/archive/2014/08/10/how-to-do-hard-match-part-2.aspx

  4. Anonymous says:

    Thanks John and Dan

  5. john says:

    Good one praveen

  6. Dan says:

    Awesome Praveen. This helped me a lot

  7. shivam says:

    great stuff Praveen.

  8. vamdev says:

    it worked but how we can do it for multiple users at a time, like first creating csvde file and importing using powershell..??

  9. Anonymous says:

    In my previous post I wrote about how we can do Hard Match of objects in on-premise to the corresponding

  10. Raymond says:

    Great stuff Praveen! Please share with us the workaround to hard match for multiple users, looking forward for your new post 🙂

  11. David Gipe says:

    Another simple way to find a "one off" objectGUID is via Active Directory Users and Computers:
    1. Enable Advanced Features
    2. Open the user ID’s properties
    3. Open the Attribute Editor tab
    4. Filter by attributes with values
    5. Find and copy the objectGUID from the list

  12. Kassem says:

    how it works for mail contacts as well ? is it possible ?

  13. Hi,
    Thanks for your blog indeed.

    I was inspired to create desktop tool that converts from ObjectGUID in AD to ImmutableID in Azure and vise versa
    http://ammarhasayen.com/2015/08/20/azure-guid-to-immutableid-and-vise-versa-desktop-app/

    Thanks

  14. Shiraz says:

    Hi Praveen… i tried the method but I get the message ‘set-msoluser : Uniqueness violation. Property: SourceAnchor’

  15. Dr Sylvester Benson says:

    GET YOUR PROBLEM SOLVE TODAY WITH MY PROFESSION IN ANY SPIRITUAL SPELL OR ANY KIND OF PHYSICAL BATTLE THAT NEED, MY NAME IS DR SYLVESTER AND THIS IS MY EMAIL FOR CONTACT (stbenson391@gmail.com) OR YOU CAN FOLLOW HIM UP ON FACEBOOK BY MY NAME (SYLVESTER E BENSON)
    ON FACEBOOK OR CALL ME ON MY MOBILE NUMBER +2348136090988, AM ALWAYS AVAILABLE TO RENDER YOU HELP WITH EXPERIENCE OF 32 YEARS IN SPELL CASTING AND HERBAL MEDICURE TO CURE ANY KIND OF DISEASE THAT YOU MAY HAVE, CONTACT ME ON ANY KIND OF ISSUES.

  16. Anchal Arora says:

    Nice Article Praveen !!

  17. Anonymous says:

    There are 2 types of matching we do during Dirsync
    Soft Match
    Hard Match

    In this post we will see how to do Hard Match in Dirsync.
    Post writing this post my colleague and friend Elvin pointed out that there was another easier way to find Immutable

  18. karteek says:

    Hi praveen i am following the above steps but i am getting bellow mentioned error. Can you please help me.

    Set-MsolUser : Unable to update parameter. Parameter name: SourceAnchor.
    At line:1 char:1
    + Set-MsolUser -UserPrincipalName test@test.com -ImmutableId MJhaBp/MjU6ZUa9rEL …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : OperationStopped: (:) [Set-MsolUser], MicrosoftOnlineException
    + FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.PropertyNotSettableException,Microsoft.Online
    .Administration.Automation.SetUser

  19. Birendra Pal says:

    I appreciate for this enlightening post.

  20. MpDay says:

    @Shiraz: about the message ‘set-msoluser : Uniqueness violation. Property: SourceAnchor’.

    Yes, I had that error too, but after investigating the deleted user was still in the Deleted Users folder. I created this user multiple times, and when I checked the Deleted Users folder, the user was there 5 times. I deleted ALL users from the Deleted Users
    folder, and then it worked.