Forum Discussion

Shaun Delorez
Jul 25, 2018

Duplicate Accounts in O365 from Azure AD Sync

We have a unique situation where we synchronized our existing AD domain of 'company.eu' to our O365 tenant 'company.com'.  In O365, 'company.com' includes everyone in the US and Europe...all Company...
Nestori Syynimaa
Jul 25, 2018

Hi Shaun,

First you need to move those duplicate company.eu users to an OU that is not synced (in on-premises). Then run the sync manually, which deletes those users from the cloud. Then you need to remove the users from the "recycle bin" using PowerShell:

Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin

For the second step, you have two options. You can either change on-premises UPNs from company.eu to company.com, or you can hard-link the users manually.

For the latter option, you need to add the GUID of the on-premises company.eu user as the ImmutableId of the company.com user in the cloud. Here is the one-liner that does the trick for one user.

Set-MsolUser -UserPrincipalName user1@company.com -ImmutableId ([System.Convert]::ToBase64String((Get-ADUser -Filter "UserPrincipalName -eq 'user1@company.eu'").ObjectGUID.ToByteArray()))

After fixing the on-premises UPN or manually hard-linking the users, move them back to an OU that is synced and run the sync manually again. After the sync, on-premises company.eu users should be linked to existing company.com users.

To add aliases to synced company.eu users, you need to edit their proxyAddresses attribute in on-premises AD. The following example sets company.eu as the primary email address and company.eu as an alias.

SMTP:user1@company.com
smtp:user1@company.eu
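The hard-match step above is done one user at a time with no check of what the cloud account already carries; the script below, an added example that is not Nestori's code or anything from the original thread, computes the same base64 ImmutableId for every on-premises company.eu user, compares it with the matching company.com cloud user, and only writes it with an explicit -Apply switch when the cloud user has no ImmutableId yet. It assumes a hypothetical OU path "OU=EU,DC=company,DC=eu", a one-to-one mapping of user@company.eu to user@company.com, and that the ActiveDirectory and MSOnline modules are loaded and Connect-MsolService has already been run.

```powershell
# Added example, not code from the original thread. It assumes the on-premises
# company.eu users sit under a hypothetical OU "OU=EU,DC=company,DC=eu", that each
# maps to a cloud user with the same local part at company.com, and that the
# ActiveDirectory and MSOnline modules are loaded with Connect-MsolService done.
param(
    [string] $SearchBase   = 'OU=EU,DC=company,DC=eu',   # hypothetical OU path
    [string] $OnPremSuffix = '@company.eu',
    [string] $CloudSuffix  = '@company.com',
    [switch] $Apply                                      # without -Apply, report only
)

# objectGUID -> base64, the same value Azure AD Connect writes as the sourceAnchor.
function ConvertTo-ImmutableId([guid] $ObjectGuid) {
    [System.Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

# base64 -> GUID, to see which on-premises object an existing ImmutableId names.
function ConvertFrom-ImmutableId([string] $ImmutableId) {
    try { [guid]::new([System.Convert]::FromBase64String($ImmutableId)) } catch { $null }
}

$filter  = "UserPrincipalName -like '*$OnPremSuffix'"
$results = foreach ($adUser in Get-ADUser -Filter $filter -SearchBase $SearchBase) {
    $expected = ConvertTo-ImmutableId $adUser.ObjectGUID
    $cloudUpn = $adUser.UserPrincipalName -replace ([regex]::Escape($OnPremSuffix) + '$'), $CloudSuffix
    $cloud    = Get-MsolUser -UserPrincipalName $cloudUpn -ErrorAction SilentlyContinue

    # Decide per user; never overwrite an ImmutableId that already points at another object.
    $state = if (-not $cloud)                          { 'NoCloudUser' }
             elseif ($cloud.ImmutableId -eq $expected) { 'AlreadyLinked' }
             elseif ($cloud.ImmutableId)               { 'LinkedElsewhere' }
             else                                      { 'ReadyToLink' }

    if ($Apply -and $state -eq 'ReadyToLink') {
        Set-MsolUser -UserPrincipalName $cloudUpn -ImmutableId $expected
        $state = 'Linked'
    }

    [pscustomobject]@{
        OnPremUpn   = $adUser.UserPrincipalName
        CloudUpn    = $cloudUpn
        ImmutableId = $expected
        CurrentGuid = if ($cloud.ImmutableId) { ConvertFrom-ImmutableId $cloud.ImmutableId } else { $null }
        State       = $state
    }
}

$results | Format-Table OnPremUpn, CloudUpn, State, ImmutableId, CurrentGuid -AutoSize
```

Run it once without -Apply to review the State column (a LinkedElsewhere row means the cloud account is already anchored to a different on-premises object and needs a manual look before the sync is re-run), then with -Apply to write only the ReadyToLink rows.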
