Forum Discussion
mlotfy
Jul 12, 2020Copper Contributor
Lost on premises AD and we want to sync office 365 accounts with the new AD with the same forest
We had a disaster at work, we lost all VMs and Backups. now we build a new AD om premises with the same forest and need to sync again with office 365. accounts were syncing with password hash synchronization so now users can login on clouds but these accounts not liked to on premises accounts.
How can i solve this issue.
- Spiros KarampinisBrass ContributorHello mlotfy,
if you are able to create the Active Directory on-premises with the same domain suffix and UserPrincipalName (UPN) for the users, a soft-match with the cloud objects should not be a problem. You just have to create the users with the same UPN and e-mail address as the cloud users. A soft match will be tried by the next sync of Azure AD Connect.
If that is not possible or in your plans, you could alternate proceed with hard-match by matching the on-premises with the cloud objects by using the Azure AD anchor attribute, in most cases should be ms-DS-ConsistencyGuid
Please let me know if you need detailed information
Kind regards
SpikarJust to add a small correction - soft match will not work in this scenario, as it requires the ImmutableID to be null. You'll either have to disable dirsynd in order to nullify the ImmutableId's of each user, or simply use the hard match method instead.
- mlotfyCopper Contributor
Do I have to disable the direct sync as it will take up to 72 hours as mentioned in Microsoft documentation?
if not the scenario will be :
clear ImmutableId's in azure objects by script
Run Direct sync by setting email as source anchor.
will that work?