Jul 12 2020 - last edited on Feb 06 2023
We had a disaster at work: we lost all VMs and backups. Now we have built a new AD on premises with the same forest and need to sync again with Office 365. Accounts were syncing with password hash synchronization, so now users can log in to the cloud, but these accounts are not linked to the on-premises accounts.
How can I solve this issue?
Jul 12 2020 08:04 AM
Jul 12 2020 08:25 AM
Just to add a small correction - soft match will not work in this scenario, as it requires the ImmutableID to be null. You'll either have to disable DirSync in order to nullify the ImmutableIDs of each user, or simply use the hard match method instead.
Jul 12 2020 09:19 AM
Hello @Vasil Michev, thank you for the correction, nice addition.
I, maybe wrongly, assumed that as his AD on-premises is lost, he has already disabled DirSync to be able to manage the cloud objects, but your addition makes everything more clear.
Jul 12 2020 11:21 AM
Jul 14 2020 12:14 AM
Do I have to disable the direct sync, as it will take up to 72 hours as mentioned in the Microsoft documentation?
If not, the scenario will be:
Clear the ImmutableIDs in the Azure objects by script.
Run direct sync, setting email as the source anchor.
Will that work?
Jul 14 2020 08:30 AM
In order to clear the ImmutableID, you need to disable DirSync. If you plan to use the hard-match method, there's no need to disable it as you can change the value directly via Set-AzureADUser.
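
The hard-match method mentioned in the last reply, as an added example that is not part of the original thread: each cloud user's ImmutableID is set to the Base64 form of the rebuilt on-premises account's objectGUID, with a report-only mode so the mapping can be reviewed before anything is written. It assumes the ActiveDirectory and AzureAD modules are installed, `Connect-AzureAD` has already been run, UPNs are the same on both sides, and the sync uses an objectGUID-derived source anchor; the `SearchBase` value is a placeholder.

```powershell
# Added example: hard match by stamping each cloud user's ImmutableId with the
# Base64 form of the rebuilt on-premises account's objectGUID.
# Assumptions: ActiveDirectory and AzureAD modules are installed, Connect-AzureAD
# has been run, UPNs match on both sides, and the sync uses an objectGUID-derived
# source anchor. The SearchBase value is a placeholder.
param(
    [string]$SearchBase = 'OU=Users,DC=example,DC=com',  # placeholder OU
    [switch]$Apply                                        # without it: report only
)

Import-Module ActiveDirectory
Import-Module AzureAD

$report = foreach ($adUser in Get-ADUser -Filter * -SearchBase $SearchBase) {
    $upn = $adUser.UserPrincipalName
    if (-not $upn) { continue }          # nothing to match on, skip

    # ImmutableId = Base64 of the 16 raw bytes of the on-premises objectGUID
    $immutableId = [Convert]::ToBase64String($adUser.ObjectGUID.ToByteArray())

    # Look up the cloud account by UPN; -Filter returns nothing instead of throwing
    $escaped = $upn.Replace("'", "''")
    $cloud   = Get-AzureADUser -Filter "userPrincipalName eq '$escaped'"

    # Base64 is case-sensitive, so compare with -ceq
    $status = if (-not $cloud) { 'NoCloudUser' }
              elseif ($cloud.ImmutableId -ceq $immutableId) { 'AlreadyMatched' }
              elseif ($Apply) {
                  Set-AzureADUser -ObjectId $cloud.ObjectId -ImmutableId $immutableId
                  'Updated'
              }
              else { 'WouldUpdate' }

    [pscustomobject]@{
        UserPrincipalName = $upn
        OldImmutableId    = $cloud.ImmutableId
        NewImmutableId    = $immutableId
        Status            = $status
    }
}

$report | Format-Table -AutoSize
```

Running it without `-Apply` first and keeping the report gives a record of the old ImmutableID values before they are overwritten.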