Forum Discussion

Sebastian_Wenning's avatar
Sebastian_Wenning
Copper Contributor
May 11, 2023

Merge local wie Azure AD users, if both are in use and have name differences

Hi, I'm new here and am currently dealing with Azure in our company. We have had MS 365 with Office licenses for a few years and use them actively, locally we have a small server including a domain....
elieelkarkafi's avatar
elieelkarkafi
MVP
May 19, 2023

Sebastian_Wenning here the steps to follow: 

 

  1. Disable the sync between AAD and the local domain. 
  2. Make sure that username, UPN and proxy address match between user in on prem and user in AAD
  3. Sync again 

 

 

Sebastian_Wenning's avatar
Sebastian_Wenning
Copper Contributor
May 22, 2023

elieelkarkafiThanks, i stopped the sync last friday and change the attributes.

- Userloginname is now fully like my mailadress.

- Userloginname pre Win2k isn´t changed, so it doesnt match my AD User, but if i read your steps correct, it´s not needed.

- At "general" i filled "E-Mail" with my mailadress

- The attribute "proxyAdresses" is now filled with the attribute "SMTP:mymailadress"

 

I had an error with the user-rights if i look into the Synchronisation Service Manager, but this is solved.

 

My new status:

No seen errors in the Manager. AD User-Table shows no double users, but all users are not marked as "local synced". -> Has to change to "yes", or not?

Ontop of that, my bosses user has an deployment error, category PropertyConflict in his ProxyAdresses.

Thats curious, because the value in this error shows his "SMTP:hismailadress" like all 4 other synced users have it filled with teir adresses, but the other users didn´t get any errors at all.

 

 

 

  • Sebastian_Wenning's avatar
    Sebastian_Wenning
    Copper Contributor
    May 30, 2023

    elieelkarkafi

    Thanks again for helping me via PM.


    For everyone else, the solution was simple. You have to match the full UPN with the MS365 user and the attribute "proxyadresses" has to be filled with the SMTP entries of the MS365 user, e.g. SMTP:email address removed for privacy reasons for the main address and smtp:email address removed for privacy reasons for the alias address.


    My mistake was that I merged my local users before filling in these entries. I had to delete my missynced on-premises users in Azure and Azure-DeletedUser Recycle Bin and do a new initial sync via PowerShell. After 2 minutes my users were properly synchronized.


    Note that all your user entries in MS365 will be overwritten with your local user entries. Therefore, before synchronizing, check again whether all information is available with your local users.

     

     

  • elieelkarkafi's avatar
    elieelkarkafi
    MVP
    May 22, 2023
    if the users are not marked as local synced with a yes, that's means your users are cloud only and not merge with your local users on-premises. can you show me please an example of one your users on premises. username , UPN , smtp proxy and how its look like on O365 as well