Forum Discussion
arifsohail92
Feb 12, 2021, Copper Contributor
Create new user accounts in M365 and merge the user accounts later from on-premises AD.
Customer has an AD domain (CORP) and they are separating from the company with a new domain (ABC).
Currently they have M365, SharePoint and Teams access. As they are separating from the CORP domain they want to have a separate tenant with M365, SharePoint and Teams, and they will still be logging in to CORP for internal resource access.
- We will create a new tenant and enable M365, SharePoint and Teams access for the ABC domain users
- The CORP domain will not allow the AD Connect tool to sync ABC users to the new tenant
- We will create the users manually in the tenant and allow them to use M365, SharePoint and Teams
- User mailboxes are linked mailboxes
- ABC users are OK with using two credentials for accessing resources internally and externally
- Once the ABC users are disconnected from CORP, can we move and merge these users into the ABC tenant in the cloud (M365)?
- If we sync the users from ABC via the AD Connect tool to the ABC tenant, will the same user objects merge in the tenant?
- In case we have to delete the users in the M365 tenant, what happens to the users' M365, SharePoint and Teams data?
- Can we merge the same ABC users which were manually created in the cloud with on-prem AD using the AD Connect tool?
- Can we remap the users' data if we delete them in the cloud and sync them again with AD Connect?
I will come to the point.
Can we create a user in M365 and later merge the same user from on-premises AD with the AD Connect tool?
If the above option is not possible, then we want to delete the user created in M365, sync the on-premises users and connect them back to the same applications or data which the users were using with the cloud login.
Let me know, folks, if the above options are possible.
Regards,
Arif
arifsohail92 If you create a cloud-only account in 365/Azure AD, and later connect AADConnect sync to it, it will merge accounts that it thinks are the same. Off the top of my head this is done based on userPrincipalName or proxyAddresses matching. Probably something to test first, but if your userPrincipalName on-premises is the same as the account logon name in 365, or the proxyAddresses contains a match for the email address of the cloud account (as the default address, i.e. SMTP: in upper case), it'll merge them. This is called "soft match"; there's a "hard match" which uses the sourceAnchor/immutableID, but in your case I would expect soft match to work.
This explains it a bit better than I can https://raaaimund.github.io/tech/2019/06/13/merge-on-premise-existing-azure-ad-user/
- arifsohail92, Copper Contributor
Hi CoasterKaty,
Thanks for your reply!!
I have also reviewed the link below.
https://docs.microsoft.com/en-US/troubleshoot/azure/active-directory/objects-dont-sync-ad-sync-tool
arifsohail92 I've only done it on my home domain with a very small number of users (at work we created the accounts via AADConnect), but the main thing is to make sure the UPN etc. matches before AADConnect runs. Once you've run it without them matching it'll make duplicate users and you'll have to spend ages messing with immutableIds etc.
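The two replies above describe the matching rules (soft match on UPN or primary SMTP address, hard match on sourceAnchor/ImmutableId) and the advice to verify them before the first sync. The script below is an added example, not code from CoasterKaty or from the thread, that does that pre-check from the ABC side: it walks the on-prem users that will be synced, predicts whether each one will soft-match an existing cloud-only account, flags the ones that would become duplicates, and can optionally stamp the base64 objectGUID as OnPremisesImmutableId so the first sync hard-matches instead. The OU distinguished name, the `-Fix` switch and the assumption that the ActiveDirectory and Microsoft.Graph.Users modules are installed with User.ReadWrite.All consent are all hypothetical; adjust them to the real environment and run without `-Fix` first.

```powershell
# Added example: pre-sync soft/hard match check for cloud-only users (not from the thread).
# Assumptions (hypothetical): on-prem ABC users live under $SearchBase, the
# ActiveDirectory and Microsoft.Graph.Users modules are installed, and the caller
# can consent to User.ReadWrite.All. Run without -Fix first to get a report only.
param(
    [string]$SearchBase = 'OU=ABC Users,DC=abc,DC=local',
    [switch]$Fix
)

Import-Module ActiveDirectory
Import-Module Microsoft.Graph.Users
Connect-MgGraph -Scopes 'User.ReadWrite.All' | Out-Null

# Pull every cloud user once; OnPremisesImmutableId is empty for cloud-only accounts
# that no sync has claimed yet.
$cloudUsers = Get-MgUser -All -Property Id,UserPrincipalName,Mail,ProxyAddresses,OnPremisesImmutableId

# Index cloud users by lower-case UPN and by every SMTP address in proxyAddresses.
$byUpn  = @{}
$bySmtp = @{}
foreach ($u in $cloudUsers) {
    $byUpn[$u.UserPrincipalName.ToLowerInvariant()] = $u
    foreach ($pa in @($u.ProxyAddresses)) {
        # -match is case-insensitive, so both "SMTP:" and "smtp:" entries are indexed.
        if ($pa -match '^smtp:(.+)$') { $bySmtp[$Matches[1].ToLowerInvariant()] = $u }
    }
}

$onPrem = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
            -Properties userPrincipalName, proxyAddresses, objectGUID

$report = foreach ($ad in $onPrem) {
    # Hard-match anchor: the objectGUID, base64-encoded, is the default sourceAnchor
    # that Entra ID stores as OnPremisesImmutableId.
    $immutableId = [Convert]::ToBase64String($ad.ObjectGUID.ToByteArray())

    # The primary SMTP address is the proxyAddresses entry with an UPPER-CASE "SMTP:"
    # prefix (-clike is case-sensitive on purpose).
    $primarySmtp = @($ad.proxyAddresses) | Where-Object { $_ -clike 'SMTP:*' } |
                   ForEach-Object { $_.Substring(5) } | Select-Object -First 1

    $match = $null
    $how   = 'NONE (sync will create a duplicate user)'
    if ($ad.UserPrincipalName -and $byUpn.ContainsKey($ad.UserPrincipalName.ToLowerInvariant())) {
        $match = $byUpn[$ad.UserPrincipalName.ToLowerInvariant()]
        $how   = 'soft match: UPN'
    } elseif ($primarySmtp -and $bySmtp.ContainsKey($primarySmtp.ToLowerInvariant())) {
        $match = $bySmtp[$primarySmtp.ToLowerInvariant()]
        $how   = 'soft match: primary SMTP'
    }

    if ($match -and $match.OnPremisesImmutableId -and $match.OnPremisesImmutableId -ne $immutableId) {
        # Already anchored to a different on-prem object: soft match will not re-pair it,
        # which is the "messing with immutableIds" situation described above.
        $how = "CONFLICT: cloud ImmutableId $($match.OnPremisesImmutableId) != $immutableId"
    } elseif ($match -and -not $match.OnPremisesImmutableId -and $Fix) {
        # Stamp the anchor so the first sync hard-matches instead of relying on soft match.
        Update-MgUser -UserId $match.Id -OnPremisesImmutableId $immutableId
        $how += ' (ImmutableId set)'
    }

    [pscustomobject]@{
        OnPremUPN   = $ad.UserPrincipalName
        PrimarySMTP = $primarySmtp
        CloudUPN    = $match.UserPrincipalName
        ImmutableId = $immutableId
        Result      = $how
    }
}

$report | Format-Table -AutoSize
```

Any row reporting NONE is a user whose UPN and primary SMTP address should be corrected (in AD or on the cloud account) before AD Connect is installed; a CONFLICT row means the cloud account is already tied to some other on-prem object and needs its OnPremisesImmutableId cleared or corrected before it can be matched.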