(Cloud) Tip of the Day: Directory Sync Hard-Matching

Today’s Tip…

In order to hard-match objects between on-premises Active Directory and Azure Active Directory, you need to set the Immutable ID in the cloud.

You can use the following script to convert an Active Directory object GUID to an Azure Active Directory Immutable ID:

Convert DirSync/MS Online Directory Immutable ID to AD GUID (and vice versa)

https://gallery.technet.microsoft.com/Covert-DirSyncMS-Online-5f3563b1

Once you know the Immutable ID value for an object, you can set it on the cloud object with an Azure AD PowerShell cmdlet like the following:

Set-MsolUser -UserPrincipalName johnsmith@contoso.com -ImmutableID [ImmutableID]

The next time you run directory synchronization, the objects will be matched between on-premises and Azure AD.

Note: You can also use this script in the other direction, to convert an ImmutableID back to an AD object GUID.

Note: The script is also useful when troubleshooting directory synchronization issues and determining which AD object maps to which Azure AD object.
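The conversion the linked gallery script performs, together with the Set-MsolUser step above, as an added example that is not the gallery script and not part of the original tip. An ImmutableID is simply the Base64 encoding of the 16 raw bytes of the on-premises objectGUID, so both directions are a few lines. The Invoke-HardMatch function is an assumed wrapper: it requires the ActiveDirectory module (Get-ADUser) and the MSOnline module (Get-MsolUser, Set-MsolUser), the sample account names are constructed, and it deliberately refuses to overwrite a cloud object that is already anchored to a different on-premises object, because re-pointing an ImmutableID is how a cloud account ends up owned by the wrong AD user.

```powershell
# Added example, not the gallery script: objectGUID <-> ImmutableID conversion
# plus a guarded hard-match. Assumes the ActiveDirectory and MSOnline modules
# are installed and Connect-MsolService has already been run.

function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    # ImmutableID = Base64 of the GUID's 16 raw bytes, in the same byte order
    # that .NET's Guid.ToByteArray() uses (first three fields little-endian).
    [System.Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    $bytes = [System.Convert]::FromBase64String($ImmutableId)
    # A GUID-based ImmutableID always decodes to exactly 16 bytes; anything
    # else is not an objectGUID (for example a custom sourceAnchor).
    if ($bytes.Length -ne 16) {
        throw "'$ImmutableId' does not decode to 16 bytes; not a GUID-based ImmutableID"
    }
    # Unary comma keeps the byte array as a single constructor argument.
    New-Object -TypeName System.Guid -ArgumentList (,$bytes)
}

function Test-ImmutableIdRoundTrip {
    # Self-check on a constructed GUID: encode, decode, and compare.
    $sample = [guid]'12345678-1234-1234-1234-123456789abc'   # constructed value
    $id = ConvertTo-ImmutableId -ObjectGuid $sample
    $back = ConvertFrom-ImmutableId -ImmutableId $id
    if ($back -ne $sample) { throw "round trip failed: $sample -> $id -> $back" }
    $id
}

function Invoke-HardMatch {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,     # on-premises AD account
        [Parameter(Mandatory)][string]$UserPrincipalName   # cloud account to link
    )
    $adUser = Get-ADUser -Identity $SamAccountName          # ObjectGUID is returned by default
    $immutableId = ConvertTo-ImmutableId -ObjectGuid $adUser.ObjectGUID

    $cloudUser = Get-MsolUser -UserPrincipalName $UserPrincipalName
    if ($cloudUser.ImmutableId -eq $immutableId) {
        Write-Host "$UserPrincipalName is already hard-matched to $($adUser.DistinguishedName)"
        return
    }
    if ($cloudUser.ImmutableId) {
        # Refuse to silently re-point an object that is anchored elsewhere.
        $current = ConvertFrom-ImmutableId -ImmutableId $cloudUser.ImmutableId
        throw "$UserPrincipalName already has ImmutableId $($cloudUser.ImmutableId) (objectGUID $current); clear it deliberately before re-matching"
    }
    Set-MsolUser -UserPrincipalName $UserPrincipalName -ImmutableId $immutableId
    Write-Host "Set ImmutableId $immutableId on $UserPrincipalName; the next sync cycle will match it to $($adUser.DistinguishedName)"
}

# Usage (constructed names):
#   Test-ImmutableIdRoundTrip
#   Invoke-HardMatch -SamAccountName 'johnsmith' -UserPrincipalName 'johnsmith@contoso.com'
```

Test-ImmutableIdRoundTrip is worth running before touching any real object: it proves the conversion is symmetric on this host, which is the same check you would use when troubleshooting a mismatch, decoding the ImmutableID already present on the cloud object and comparing the resulting GUID with the on-premises objectGUID it was supposed to come from.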