Forum Discussion
Azure AD connect group soft match
- Feb 15, 2021
catmur-fed I solved the issue by resorting to hard-match instead.
I had also tried solving the issue with MS Support, but they were basically saying the same as you report in the thread, so that lead nowhere.
The solution was to change source anchor to mS-DS-ConsistencyGuid on AzureAD Connect setup, populate matching immutableID on onprem groups and then run sync.
you can take a look at this article for reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-design-concepts#changing-the-sourceanchor-attribute
there was another article regarding group hard-maching but i cannot find it, i will maybe try later.
Cheers
Tracking the same issue here https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_dirservices-mso_o365b/aad-connect-sync-issue-after-changing-domains/5b3fd134-8297-44cb-81eb-c50a8fbdd71f?messageId=d16fbc0a-5ca3-49c7-9b92-52cbe220055e
catmur-fed I solved the issue by resorting to hard-match instead.
I had also tried solving the issue with MS Support, but they were basically saying the same as you report in the thread, so that lead nowhere.
The solution was to change source anchor to mS-DS-ConsistencyGuid on AzureAD Connect setup, populate matching immutableID on onprem groups and then run sync.
you can take a look at this article for reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-design-concepts#changing-the-sourceanchor-attribute
there was another article regarding group hard-maching but i cannot find it, i will maybe try later.
Cheers
- catmur-fedFeb 16, 2021Copper Contributor
Thanks RNalivaika - I might give that a try later today.