Forum Discussion
Solved
Azure AD connect group soft match
Hi all, we have migrated to a new onprem AD forest recently, but kept the same O365 tenant. Soft matching of user accounts between new AD and O365 went just fine. But we are facing some issues whe...
catmur-fed I solved the issue by resorting to hard-match instead.
I had also tried solving the issue with MS Support, but they were basically saying the same as you report in the thread, so that lead nowhere.
The solution was to change source anchor to mS-DS-ConsistencyGuid on AzureAD Connect setup, populate matching immutableID on onprem groups and then run sync.
you can take a look at this article for reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-design-concepts#changing-the-sourceanchor-attribute
there was another article regarding group hard-maching but i cannot find it, i will maybe try later.
Cheers
For whoever might come to this thread this is what helped me: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-migrate-groups
1. Move the group out of sync scope, so the duplicate in Azure get's deleted (Wait for sync!)
2. Fix the group according to the link with the old onprem group "objectGUID" to new onprem group "mS-DS-ConsistencyGuid"
3. Move the group back into sync scope and wait for sync.
Cheers, Dom
1. Move the group out of sync scope, so the duplicate in Azure get's deleted (Wait for sync!)
2. Fix the group according to the link with the old onprem group "objectGUID" to new onprem group "mS-DS-ConsistencyGuid"
3. Move the group back into sync scope and wait for sync.
Cheers, Dom