Forum Discussion
Create new user accounts in M365 and merge the user accounts later from On premises AD.
- Feb 12, 2021
arifsohail92 If you create a cloud-only account in 365/Azure AD, and later connect AADConnect sync to it, it will merge accounts that it thinks are the same. Off the top of my head this is done off userPrincipalName or proxyAddresses matching. Probably something to test first but if your userPrincipalName on-premise is the same as the account logon name in 365, or the proxyAddresses contains a match for the email address of the cloud account (as the default address, i.e. SMTP: in upper case), it'll merge them. This is called "soft match" - there's a "hard match" which uses the sourceAnchor/immutableID but in your case I would expect soft match to work.
This explains it a bit better than I can https://raaaimund.github.io/tech/2019/06/13/merge-on-premise-existing-azure-ad-user/
Hi CoasterKaty
Thanks for your reply!!
I have also reviewed the below links.
https://support.microsoft.com/en-us/topic/how-to-use-smtp-matching-to-match-on-premises-user-accounts-to-office-365-user-accounts-for-directory-synchronization-75673b94-e1b8-8a9e-c413-ee5a2a1a6a78
https://chinnychukwudozie.com/2015/04/10/matching-an-office-365-azure-cloud-user-identity-with-an-on-premise-active-directory-user-object/
https://docs.microsoft.com/en-US/troubleshoot/azure/active-directory/objects-dont-sync-ad-sync-tool
- CoasterKaty, Feb 12, 2021, MVP
arifsohail92 I've only done it on my home domain with a very small amount of users (at work we created the accounts via AADConnect) but the main thing is to make sure the UPN etc matches before AADConnect runs - once you've run it without them matching it'll make duplicate users and you'll have to spend ages messing with immutableIds etc.
- arifsohail92, Feb 12, 2021, Copper Contributor
CoasterKaty
So here is the key point: making sure the users' UPNs and SMTP addresses are correct.
In this situation we must create the users by exporting their details from the on-premises AD with UPN and SMTP address and importing them in bulk into M365/AzureAD.
So at the later stage of the migration, for the Azure AD configuration, we will be able to do a soft match and sync all the users.
Appreciate your suggestions if you have any!!
Thanks!!
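A pre-sync check for the plan discussed in this thread, added here as an example and not written by any of the posters: it compares an on-premises export with the cloud accounts on the two soft-match keys named in the first reply (userPrincipalName, and the upper-case `SMTP:` primary address in proxyAddresses) and flags users that would not merge. The column names, the semicolon-joined `ProxyAddresses` field, the function names and the contoso sample rows are all constructed assumptions.

```powershell
# Constructed sample data. In practice both arrays would come from Import-Csv
# on the on-premises AD export and the Microsoft 365 user export.
$onPrem = @(
    [pscustomobject]@{ UserPrincipalName = 'asmith@contoso.com';   ProxyAddresses = 'SMTP:alice.smith@contoso.com;smtp:asmith@contoso.com' }
    [pscustomobject]@{ UserPrincipalName = 'bjones@contoso.local'; ProxyAddresses = 'smtp:bjones@contoso.com' }
    [pscustomobject]@{ UserPrincipalName = 'cwu@contoso.com';      ProxyAddresses = 'SMTP:alice.smith@contoso.com' }
)
$cloud = @(
    [pscustomobject]@{ UserPrincipalName = 'asmith@contoso.com'; Mail = 'alice.smith@contoso.com' }
    [pscustomobject]@{ UserPrincipalName = 'bjones@contoso.com'; Mail = 'bjones@contoso.com' }
    [pscustomobject]@{ UserPrincipalName = 'cwu@contoso.com';    Mail = 'c.wu@contoso.com' }
)

function Get-PrimarySmtp([string]$ProxyAddresses) {
    # Only the entry with the upper-case "SMTP:" prefix is the primary address;
    # lower-case "smtp:" entries are aliases, so the match is case-sensitive.
    foreach ($p in $ProxyAddresses -split ';') {
        if ($p.Trim() -cmatch '^SMTP:(.+)$') { return $Matches[1].ToLowerInvariant() }
    }
}

function Test-SoftMatch {
    param([object[]]$OnPrem, [object[]]$Cloud)
    # Index the cloud accounts by both candidate keys (hypothetical helper).
    $byUpn = @{}; $byMail = @{}
    foreach ($c in $Cloud) {
        $byUpn[([string]$c.UserPrincipalName).ToLowerInvariant()] = $c
        if ($c.Mail) { $byMail[([string]$c.Mail).ToLowerInvariant()] = $c }
    }
    foreach ($u in $OnPrem) {
        $smtp    = Get-PrimarySmtp $u.ProxyAddresses
        $upnHit  = $byUpn[([string]$u.UserPrincipalName).ToLowerInvariant()]
        $smtpHit = if ($smtp) { $byMail[$smtp] } else { $null }
        $result  = if ($upnHit -and $smtpHit -and $upnHit.UserPrincipalName -ne $smtpHit.UserPrincipalName) {
            'Conflict: UPN and primary SMTP point at different cloud accounts'
        } elseif ($upnHit -or $smtpHit) { 'Soft match expected'
        } else { 'No match: would sync as a separate account' }
        [pscustomobject]@{
            OnPremUpn   = $u.UserPrincipalName
            PrimarySmtp = $smtp
            UpnMatch    = [bool]$upnHit
            SmtpMatch   = [bool]$smtpHit
            Result      = $result
        }
    }
}

Test-SoftMatch -OnPrem $onPrem -Cloud $cloud | Format-Table -AutoSize
```

With the sample rows, the second user is reported as unmatched (a `.local` UPN and no upper-case `SMTP:` entry) and the third as a conflict, which are the cases to fix before the first AADConnect run.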