Forum Discussion
Lost on premises AD and we want to sync office 365 accounts with the new AD with the same forest
If you are able to create the Active Directory on-premises with the same domain suffix and UserPrincipalName (UPN) for the users, a soft match with the cloud objects should not be a problem. You just have to create the users with the same UPN and e-mail address as the cloud users. A soft match will be tried by the next sync of Azure AD Connect.
If that is not possible or in your plans, you could alternatively proceed with a hard match by matching the on-premises objects with the cloud objects using the Azure AD anchor attribute, which in most cases should be ms-DS-ConsistencyGuid.
Please let me know if you need detailed information.
Kind regards
Spikar
Just to add a small correction - soft match will not work in this scenario, as it requires the ImmutableID to be null. You'll either have to disable DirSync in order to nullify the ImmutableIDs of each user, or simply use the hard match method instead.
- mlotfy, Jul 14, 2020, Copper Contributor
Do I have to disable the direct sync, as it will take up to 72 hours as mentioned in Microsoft documentation?
If not, the scenario will be:
Clear the ImmutableIds in Azure objects by script.
Run direct sync, setting email as the source anchor.
Will that work?
- VasilMichev, Jul 14, 2020, MVP
In order to clear the ImmutableID, you need to disable DirSync. If you plan to use the hard-match method, there's no need to disable it as you can change the value directly via Set-AzureADUser.
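The hard-match step discussed in the replies above, as an added example that is not part of the thread: it derives the ImmutableId that Azure AD Connect is expected to compute for each user in the rebuilt AD (Base64 of ms-DS-ConsistencyGuid, or of objectGUID while that attribute is still empty) and writes it to the matching cloud user with Set-AzureADUser. The function names, the UPN-based lookup, the sample address and the CSV file name are assumptions; it needs the ActiveDirectory and AzureAD modules and an existing Connect-AzureAD session.

```powershell
# Added example, not code from the thread. Function names are hypothetical.

function Get-ExpectedImmutableId {
    # Anchor bytes: ms-DS-ConsistencyGuid if populated, otherwise objectGUID.
    param([Parameter(Mandatory)]$AdUser)
    [byte[]]$anchor = $AdUser.'mS-DS-ConsistencyGuid'
    if (-not $anchor) { $anchor = $AdUser.ObjectGUID.ToByteArray() }
    if ($anchor.Length -ne 16) { throw "Anchor for $($AdUser.SamAccountName) is not 16 bytes" }
    # ImmutableId is the Base64 form of those 16 bytes.
    [Convert]::ToBase64String($anchor)
}

function Set-HardMatch {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string[]]$UserPrincipalName)

    foreach ($upn in $UserPrincipalName) {
        # Escape quotes so a UPN cannot break out of the AD filter string.
        $safe = $upn.Replace("'", "''")
        $ad = @(Get-ADUser -Filter "UserPrincipalName -eq '$safe'" -Properties 'mS-DS-ConsistencyGuid')
        if ($ad.Count -ne 1) {
            Write-Warning "${upn}: found $($ad.Count) on-premises users, skipped"
            continue
        }
        try { $cloud = Get-AzureADUser -ObjectId $upn -ErrorAction Stop }
        catch { Write-Warning "${upn}: no cloud user found, skipped"; continue }

        $new = Get-ExpectedImmutableId -AdUser $ad[0]
        $changed = $false
        # Base64 is case-sensitive, so compare with -cne.
        if ($cloud.ImmutableId -cne $new -and
            $PSCmdlet.ShouldProcess($upn, "Set ImmutableId to $new")) {
            Set-AzureADUser -ObjectId $cloud.ObjectId -ImmutableId $new
            $changed = $true
        }
        # Emit old and new values so the change can be reviewed and reverted.
        [pscustomobject]@{
            UserPrincipalName = $upn
            OldImmutableId    = $cloud.ImmutableId
            NewImmutableId    = $new
            Changed           = $changed
        }
    }
}

# Dry run for one constructed sample UPN; drop -WhatIf to apply.
Set-HardMatch -UserPrincipalName 'user@example.com' -WhatIf |
    Export-Csv -Path .\hardmatch-plan.csv -NoTypeInformation
```

Keeping the exported CSV gives a record of every previous ImmutableId before Azure AD Connect is installed and runs its first sync.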
- Spiros Karampinis, Jul 12, 2020, Brass Contributor
Hello VasilMichev, thank you for the correction, nice addition.
I assumed, maybe wrongly, that as his on-premises AD is lost, he has already disabled DirSync to be able to manage the cloud objects, but your addition makes everything clearer.
Kind regards
Spiros
- mlotfy, Jul 12, 2020, Copper Contributor
Thanks all for the replies. Would you please describe the steps, as there is now no AD Connect installed?
When we install it, it is supposed to sync and there will be duplicate accounts in the cloud, is that right?