Forum Discussion
Problems setting up Azure AD Connect
- Oct 09, 2018
You need to look at the Export flows. In general, the question you need to answer here is whether you see a new/duplicate account provisioned for the same user in O365? And, whether there are "quarantined" objects due to the duplicate attribute resiliency feature: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-syncservice-duplicate-attribute-resiliency
For general info, objects are being matched between AD and AAD on objectGUID first, and if that fails on the PrimarySMTPAddress (the so-called hard-match and soft-match mechanisms). The latter will only work if the ImmutableID is empty. Neither one will work if there are errors/quarantined objects due to duplicate attributes. Matching UPNs will not "link" the two objects, but you can force the matching process using the articles I linked to above.
One other thing, you should not mess with the objectIdentifier/sourceAnchor, unless you have some specific configurations in place. It's not clear to me why you have chosen to use the mail attribute and not leave the default.
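An added example, not posted in this thread: a PowerShell check that follows the matching order described above. It computes the default sourceAnchor (the base64 form of the on-premises objectGUID) for an AD user, compares it with the cloud user's ImmutableID to decide whether a hard match or a soft match applies, and lists objects held back by duplicate attribute resiliency. It assumes the ActiveDirectory and MSOnline modules are installed; the UPN `jane.doe@contoso.com` is a placeholder.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory and
# MSOnline modules; the UPN at the bottom is a placeholder (assumption).
Import-Module ActiveDirectory
Import-Module MSOnline
Connect-MsolService   # interactive sign-in to the tenant

function Get-SourceAnchorFromGuid {
    param([Parameter(Mandatory)][Guid]$ObjectGuid)
    # The default sourceAnchor is the base64 encoding of the 16 GUID bytes
    [System.Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-SourceAnchor {
    param([Parameter(Mandatory)][string]$ImmutableId)
    # Reverse direction: decode a cloud ImmutableID back to an objectGUID
    [Guid]([System.Convert]::FromBase64String($ImmutableId))
}

function Test-UserMatch {
    param([Parameter(Mandatory)][string]$UserPrincipalName)

    $adUser = Get-ADUser -Filter "UserPrincipalName -eq '$UserPrincipalName'" -Properties mail, objectGUID
    if (-not $adUser) { throw "No on-premises user with UPN $UserPrincipalName" }
    $expected = Get-SourceAnchorFromGuid -ObjectGuid $adUser.ObjectGUID

    $cloudUser = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction SilentlyContinue
    if (-not $cloudUser) {
        return "No cloud user with this UPN; a soft match can still succeed on the primary SMTP address."
    }

    if ([string]::IsNullOrEmpty($cloudUser.ImmutableId)) {
        # Empty ImmutableID: the sync engine may soft-match on the primary SMTP address
        $cloudMail = ($cloudUser.ProxyAddresses | Where-Object { $_ -clike 'SMTP:*' }) -replace '^SMTP:', ''
        if ($cloudMail -and $cloudMail -ieq $adUser.mail) {
            return "Soft match expected: ImmutableID empty and primary SMTP '$cloudMail' matches AD mail."
        }
        return "Soft match will NOT work: ImmutableID empty but primary SMTP '$cloudMail' differs from AD mail '$($adUser.mail)'."
    }

    if ($cloudUser.ImmutableId -eq $expected) {
        return "Hard match: cloud ImmutableID equals sourceAnchor $expected."
    }

    # A non-empty ImmutableID that does not match blocks both hard and soft match
    $cloudGuid = try { ConvertFrom-SourceAnchor $cloudUser.ImmutableId } catch { 'not a GUID-based anchor' }
    return "Mismatch: cloud ImmutableID '$($cloudUser.ImmutableId)' ($cloudGuid) is not the AD objectGUID anchor '$expected'; expect a duplicate or quarantined object until the ImmutableID is corrected."
}

# Objects held back by duplicate attribute resiliency are reported as PropertyConflict errors
Get-MsolDirSyncProvisioningError -ErrorCategory PropertyConflict |
    Select-Object DisplayName, ObjectId, ProvisioningErrors

Test-UserMatch -UserPrincipalName 'jane.doe@contoso.com'   # placeholder UPN
```

The script only reports. If the verdict is "Mismatch" and you have confirmed the cloud object really is the same person, the usual fix is to set the anchor by hand (`Set-MsolUser -UserPrincipalName <upn> -ImmutableId <sourceAnchor>`) and then run a delta sync, which is the forced matching the post refers to; clear any PropertyConflict errors first, because a quarantined object will not match either way.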
There is a feature called group-writeback but you'll need a premium license for that!
Here you can find a script that creates objects from your 365 tenant in your AD! Needs a little tweaking though..
Hey,
Thanks!
Took a look at that script, I understand some of it.
I would like to just remove some parts in order to only sync the groups.
From what I understood, the script is for users, contacts & groups.
- Joerg-Hanebuth, May 23, 2020, Copper Contributor
- Oct 10, 2018
Yes, exactly! It seems to also add the members as well!
Correct, just edit out the users and contacts.