SOLVED

Create new user accounts in M365 and merge the user accounts later from On premises AD.

Copper Contributor

Customer has an AD domain ( CORP )  and they are separating from the company with new domain ( ABC )

 

Currently they have M365, SharePoint and Teams access, As they are separating from the CORP domain they want to have a separate tenant with M365,Sharepoint and teams and still they will be login to CORP for internal resources access

 

  • We will create a new tenant and enable the access of M365, SharePoint and Teams access to the ABC domain users
    • COPR domain will not allow AD connect tool to sync ABC users to new tenant
    • Manually we will create the users in the tenant and allow them to use M365,Sharepoint and teams
    • User mailboxes are linked mailboxes
    • ABC users are ok to use two credentials for accessing the resources internally and externally

 

  • Once the ABC users are disconnected from CORP can we move and merge these users to the ABC tenant in the cloud ( M365)
  • If we are syncing the users from ABC via AD connect tool to the ABC tenant ( Will the same user objects merge in the Tenant )
  • In case we have to delete the users in the M365 tenant what happens to the user data of M365,Sharepoint and teams
  • Can we merge the same ABC users which were manually created in the cloud with On prem AD with AD connect tool.
  • Can we remap the users data if we delete them in the cloud and sync them again with AD connect

I will come to the right point.

 

Can we create a user in M365 and later merge the same user from on premises AD with AD connect tool

 

if above option is not possible then we want to delete the user created in M365 and sync the on premises users and connect them back to the same applications or data which the users were using wit cloud login.

 

Let me folks if the above options are possible.

 

Regards,

Arif

4 Replies
best response confirmed by arifsohail92 (Copper Contributor)
Solution

@arifsohail92 If you create a cloud-only account in 365/Azure AD, and later connect AADConnect sync to it, it will merge accounts that it thinks are the same. Off the top of my head this is done off userPrincipalName or proxyAddresses matching. Probably something to test first but if your userPrincipalName on-premise is the same as the account logon name in 365, or the proxyAddresses contains a match for the email address of the cloud account (as the default address, i.e. SMTP: in upper case), it'll merge them. This is called "soft match" - there's a "hard match" which uses the sourceAnchor/immutableID but in your case I would expect soft match to work.

 

This explains it a bit better than I can https://raaaimund.github.io/tech/2019/06/13/merge-on-premise-existing-azure-ad-user/

 

 

@arifsohail92 I've only done it on my home domain with a very small amount of users (at work we created the accounts via AADConnect) but the main thing is to make sure the UPN etc matches before AADConnect runs - once you've run it without them matching it'll make duplicate users and you'll have to spend ages messing with immutableIds etc.

@CoasterKaty
So here the key point , making sure users UPN are correct and the SMTP addresses.
In this situation we must create a users by exporting their details from the On premises AD with UPN and SMTP address and importing them in bulk on M365/AzureAD.

So at the later stage of the migration for the Azure AD configuration we will be able to do soft match and sync all the users.

Appreciate your suggestions if you have any !!

Thanks !!

1 best response

Accepted Solutions
best response confirmed by arifsohail92 (Copper Contributor)
Solution

@arifsohail92 If you create a cloud-only account in 365/Azure AD, and later connect AADConnect sync to it, it will merge accounts that it thinks are the same. Off the top of my head this is done off userPrincipalName or proxyAddresses matching. Probably something to test first but if your userPrincipalName on-premise is the same as the account logon name in 365, or the proxyAddresses contains a match for the email address of the cloud account (as the default address, i.e. SMTP: in upper case), it'll merge them. This is called "soft match" - there's a "hard match" which uses the sourceAnchor/immutableID but in your case I would expect soft match to work.

 

This explains it a bit better than I can https://raaaimund.github.io/tech/2019/06/13/merge-on-premise-existing-azure-ad-user/

 

 

View solution in original post