Forum Discussion

alvaroagocs's avatar
alvaroagocs
Copper Contributor
May 05, 2020

Self-service users and AAD Connect

Hi. I'm having some trouble managing Azure AD. Here's the context:   As our sysadmin and tech manager, I previously, since 2 years or more) had Microsoft account with our webmaster@company.com addr...
Azure Active Directory (AAD)
alvaroagocs's avatar
alvaroagocs
Copper Contributor
May 09, 2020

Moe_Kinani Thanks for your reply.

 

I tried your proposed solution, with the following results:

 

1. On my colleague's account, the one who registered himself to get access to Teams, and has two sources of authority ("Windows Server AD" and "Azure Active Directory (self-service)"), I could run the commands with no problem. However, after forcing the inicial sync, the account still has the same two sources of authority.

 

2. With my personal, named account, which currently is shown double on AAD(alvaro@company.com linked to Azure AD, and alvaro1234@company.onmicrosoft.com linked to on-premise AD), when I ran the command, I got the following error:

 

PS C:\Users\Administrator> Set-MsolUser -UserPrincipalName alvaro@company.com -ImmutableId "BuoO8NjJF0aSXA2p5e8j1A=="
Set-MsolUser : Uniqueness violation. Property: SourceAnchor.
At line:1 char:1
+ Set-MsolUser -UserPrincipalName alvaro@company.com -ImmutableId ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [Set-MsolUser], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.UniquenessValidationException,Microsoft.Onlin
e.Administration.Automation.SetUser

 

I suppose this error is because, in AAD, the account alvaro@company.onmicrosoft.com is already linked to that ImmutableId. How can I handle it?

Johnny_Hauan's avatar
Johnny_Hauan
Copper Contributor
Sep 24, 2020
Did you ever manage to fix this? Cause i have this same issue with one account and its stopping that user from MDM enrollment. Im not sure what Moe_Kinani meant by making sure he gets removed from O365 users. If you remove the user from synced OU i expect the Windows Server AD authority to disappear, not O365 (Azure AD Self-Service).

Resources