How to delete user on local dc, but save the user on azure dc?


Hello all,

I have a synced user that was created on the local DC, and the account synced to Azure.

Now I want to remove him from local and save him on Azure.

How do I do that?

Thank you everybody!!

1 Reply

To my knowledge, this is not supported as of now, however, it does the trick.

So the only workaround I know of is the following:

1) In the on-prem AD, move the user to an OU that is not synced, or delete the user.

2) Let "Azure AD Connect" sync.

3) In Azure AD, go to deleted users, find the user there, and restore the user.

4) Using PowerShell, connect to Azure AD using MsolService, find the attribute on the specific user called "ImmutableId", and delete the value. The following code should do it for you:

Set-MsolUser -UserPrincipalName usernamesomething@contoso.com -ImmutableId "$null"

Please note, the "$null" needs to be inside "", otherwise the value will not be emptied.

The user should now be restored as a cloud-only user.

Like I said, I'm fairly sure this is not supported by Microsoft, so please use the above at your own risk.

This is basically the opposite of doing a hard match for AD Connect; when doing that, you would create the ImmutableId for the user.
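The four steps in the reply, plus the hard-match relationship it mentions at the end, as one added PowerShell script (example code, not from the thread or from Microsoft). It assumes the ActiveDirectory, ADSync and MSOnline modules are available, that it runs on the Azure AD Connect server, and that the source anchor is objectGUID (or ms-DS-ConsistencyGuid seeded from it, which is the default). $Upn and $UnsyncedOu are placeholders for your own environment. Before the cloud object is restored, the script recomputes the ImmutableId from the on-prem objectGUID (the same Base64 calculation a hard match uses) and refuses to continue if the soft-deleted cloud object carries a different anchor, so you cannot detach the wrong account.

```powershell
# Added example, not the thread's own code. Runs the reply's four-step workaround end to end
# and verifies that the cloud object being detached really is the one that was synced.
param(
    [Parameter(Mandatory)] [string] $Upn,                    # placeholder, e.g. usernamesomething@contoso.com
    [string] $UnsyncedOu = 'OU=NoSync,DC=contoso,DC=com',    # placeholder OU that AD Connect does not sync
    [switch] $DeleteInsteadOfMove                            # step 1 allows either; moving is reversible
)

Import-Module ActiveDirectory
Import-Module MSOnline

# Capture the on-prem identity before changing it. AD Connect writes the Base64 form of the
# objectGUID as the cloud ImmutableId (assumes the default source anchor), so we can check the
# cloud object later. This is the value a hard match would set; here we use it only to verify.
$adUser = Get-ADUser -Filter { UserPrincipalName -eq $Upn } -Properties objectGUID
if (-not $adUser) { throw "No on-prem user with UPN $Upn" }
$expectedImmutableId = [Convert]::ToBase64String($adUser.ObjectGUID.ToByteArray())
Write-Host "On-prem objectGUID $($adUser.ObjectGUID) -> expected ImmutableId $expectedImmutableId"

# Step 1: take the user out of sync scope, either by moving it to an unsynced OU or deleting it.
if ($DeleteInsteadOfMove) {
    Remove-ADUser -Identity $adUser.DistinguishedName -Confirm:$false
} else {
    Move-ADObject -Identity $adUser.DistinguishedName -TargetPath $UnsyncedOu
}

# Step 2: run a delta sync on the AD Connect server and wait for it to finish.
Import-Module ADSync
Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
do { Start-Sleep -Seconds 10 } while ((Get-ADSyncScheduler).SyncCycleInProgress)

# Step 3: the cloud object is now soft-deleted. Confirm its anchor matches before restoring it.
Connect-MsolService
$deleted = Get-MsolUser -UserPrincipalName $Upn -ReturnDeletedUsers -ErrorAction Stop
if ($deleted.ImmutableId -ne $expectedImmutableId) {
    throw "Soft-deleted cloud user has ImmutableId '$($deleted.ImmutableId)', expected '$expectedImmutableId'; aborting"
}
Restore-MsolUser -UserPrincipalName $Upn

# Step 4: clear the anchor. As the reply notes, "$null" must be inside double quotes (it expands
# to an empty string); otherwise the value is not emptied.
Set-MsolUser -UserPrincipalName $Upn -ImmutableId "$null"

# Verify the result: a cloud-only user has no ImmutableId.
$cloud = Get-MsolUser -UserPrincipalName $Upn
if ([string]::IsNullOrEmpty($cloud.ImmutableId)) {
    Write-Host "$Upn is now cloud-only (ImmutableId cleared)"
} else {
    Write-Warning "ImmutableId is still set to $($cloud.ImmutableId)"
}
```

The anchor check matters because an ImmutableId that is cleared on the wrong object, or left on an object whose on-prem source is gone, breaks matching on the next sync. Microsoft has since deprecated the MSOnline module in favour of Microsoft Graph PowerShell, where the same attribute is exposed as OnPremisesImmutableId on Update-MgUser; the procedure is otherwise unchanged.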