Forum Discussion
soft match with proxyAddresses
When I create an OU-based filter, so that not every user will be synchronized, what will happen with the cloud-managed users who don't have a matching on-premise pair?
- LainRobertson, Apr 12, 2024, Silver Contributor
Azure AD-native accounts will remain unaffected.
Accounts that originated from on-premise or were subsequently joined (becoming on-premise mastered) are soft-deleted once they fall out of AAD Connect's scope of management.
Cheers,
Lain
- pischta, Apr 12, 2024, Copper Contributor
Thank you. Just to clarify: We have several Entra users who were on-premise managed, but now they are independent (we had an old on-premise AD connected to the Azure AD, and we removed all our users from it). Are they AD-native accounts now? I hope so, but I would like to be 100% sure about it.
- LainRobertson, Apr 12, 2024, Silver Contributor
It's unlikely that they're Azure-native accounts now. It's possible, but unlikely.
The only way I recall being able to "convert" a user from Active Directory-managed to Azure AD native - without turning off directory synchronisation - is to:
- Ensure it's no longer being managed via Azure AD Connect (which will cause Azure AD Connect to soft-delete the user account from Azure AD);
- Recover the soft-deleted user account from the Azure AD "recycle bin" (within 30 days, or else it's hard deleted and no longer recoverable), at which point it's restored as an Azure AD-native account.
If you are ready to turn off directory synchronisation, then doing so converts all synchronised accounts (i.e. from Active Directory) to Azure AD-native accounts, but this is not something you do frivolously.
To verify if the account is Azure AD or not, check the OnPremisesSyncEnabled attribute. If it's "true" (as shown in the following screenshot), then it's still mastered by Active Directory, not Azure AD.
You can probably check using the Azure Portal, too, though I can't tell you exactly what the attribute might be labelled as, as I don't use it.
Cheers,
Lain
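As an added example of the OnPremisesSyncEnabled check described above (my own script, not code from Lain or from Microsoft), here is how to classify every user in the tenant with the Microsoft Graph PowerShell SDK and list the soft-deleted users that are still within the recovery window. It assumes the Microsoft.Graph module is installed and the signed-in account is granted the User.Read.All scope; the three-way handling of the value ($true / $false / $null) follows the Graph API definition of onPremisesSyncEnabled, where $null means the object has never been synchronized.

```powershell
# Added example, not from the thread. Requires the Microsoft.Graph PowerShell SDK.
Connect-MgGraph -Scopes "User.Read.All" -NoWelcome

# OnPremises* and ProxyAddresses are not returned by default, so request them explicitly.
$props = 'Id', 'UserPrincipalName', 'OnPremisesSyncEnabled',
         'OnPremisesLastSyncDateTime', 'OnPremisesImmutableId', 'ProxyAddresses'
$users = Get-MgUser -All -Property $props

function Get-SyncState {
    # Graph semantics for onPremisesSyncEnabled:
    #   $true  -> still mastered by Active Directory (in Entra Connect's scope)
    #   $false -> was synchronized once, but is no longer (now cloud-managed)
    #   $null  -> never synchronized (cloud-native)
    param([Parameter(Mandatory)] $User)
    if ($null -eq $User.OnPremisesSyncEnabled) { return 'CloudNative' }
    if ($User.OnPremisesSyncEnabled)           { return 'ADMastered' }
    return 'CloudManaged-FormerlySynced'
}

$users | ForEach-Object {
    [pscustomobject]@{
        UserPrincipalName = $_.UserPrincipalName
        SyncState         = Get-SyncState $_
        LastSync          = $_.OnPremisesLastSyncDateTime
        ImmutableId       = $_.OnPremisesImmutableId
        # SMTP proxyAddresses are what a soft match keys on if an on-premises
        # object is later matched against an existing cloud object.
        SmtpAddresses     = ($_.ProxyAddresses | Where-Object { $_ -like 'smtp:*' }) -join ';'
    }
} | Sort-Object SyncState, UserPrincipalName | Format-Table -AutoSize

# Users that Entra Connect soft-deleted after leaving its scope remain restorable
# from the recycle bin for 30 days; list them with their deletion time.
Get-MgDirectoryDeletedItemAsUser -All -Property Id, UserPrincipalName, DeletedDateTime |
    Select-Object UserPrincipalName, DeletedDateTime |
    Format-Table -AutoSize
```

A user reported as ADMastered with a stale LastSync value is the case to look at first: it is still in scope as far as Entra is concerned, so the filter change did not take effect for it.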