
Idfix and multiple forests


Does anyone have any idea how to get IDFIX to work in multiple forests? I have a multiple-forest to single pre-existing AAD tenant migration coming up and I want to try to catch any attribute clashes before the sync starts.

 

Or has anyone used a tool they can recommend?

 

I have things like contacts in one forest matching user mailboxes in other forest with clashing proxyaddresses etc :)

2 Replies

@PeterJ_Inobits 

 

I think you have a good idea where your issues are going to be. 

Starting a sync does not have to go in one swoop, however, if you are working multi-forest. You could start with syncing users and catch up with contacts at a later time. This would prioritize a correct sync for your users, and you could clean up contacts that are no longer needed once moved to the cloud.

 

I don't think IDFix will help you with analyzing cross premise. And as far as I know there is no good tool to do it. But I think you could build something with PowerShell. You could pull all important unique attributes from on prem and check for them in the lists from the other forests. (Thinking UPN, Alias, SMTP Addresses, ...) 

@ShellBlazer 

 

Thanks. I was hoping someone knew of a neat trick. I'm going to be using the PowerShell route and then using Power BI to visualize the data.

 

One issue is you can't sync a user into the tenant when there is already a contact object in the tenant with an identical email address. Not to mention the bad user experience if the X500 addresses of the various objects are not synched correctly...
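
The PowerShell comparison suggested in the replies, sketched as an added example (not code from either poster): it indexes UPN, alias and proxy addresses across all forests and reports any value held by more than one object, including the user-versus-contact case described above. The function name `Get-AttributeClash`, the `Forest` property and the sample objects are constructed; real input would be a per-forest export, for instance from `Get-ADObject` with `-Properties userPrincipalName, mailNickname, proxyAddresses`.

```powershell
# Constructed sample data standing in for exports from two forests.
$sample = @(
    [pscustomobject]@{ Forest = 'forestA.example'; ObjectClass = 'user'; Name = 'J Doe'
        userPrincipalName = 'j.doe@contoso.example'; mailNickname = 'jdoe'
        proxyAddresses = @('SMTP:j.doe@contoso.example', 'smtp:jdoe@forestA.example') }
    [pscustomobject]@{ Forest = 'forestB.example'; ObjectClass = 'contact'; Name = 'Doe, J (ext)'
        userPrincipalName = $null; mailNickname = 'jdoe'
        proxyAddresses = @('smtp:J.Doe@contoso.example') }
    [pscustomobject]@{ Forest = 'forestB.example'; ObjectClass = 'user'; Name = 'A Smith'
        userPrincipalName = 'a.smith@contoso.example'; mailNickname = 'asmith'
        proxyAddresses = @('SMTP:a.smith@contoso.example') }
)

function Get-AttributeClash {
    param([Parameter(Mandatory)][object[]]$InputObject)

    # Flatten every object into one row per (attribute, value) it holds.
    $rows = foreach ($o in $InputObject) {
        $pairs = @()
        if ($o.userPrincipalName) { $pairs += , @('userPrincipalName', $o.userPrincipalName) }
        if ($o.mailNickname)      { $pairs += , @('mailNickname', $o.mailNickname) }
        foreach ($p in @($o.proxyAddresses)) {
            if ($p) { $pairs += , @('proxyAddresses', $p) }
        }
        foreach ($pair in $pairs) {
            [pscustomobject]@{
                Attribute = $pair[0]
                # Lower-case so 'SMTP:' (primary) and 'smtp:' (secondary) compare equal.
                Value     = $pair[1].ToLowerInvariant()
                Forest    = $o.Forest
                Holder    = '{0}\{1} ({2})' -f $o.Forest, $o.Name, $o.ObjectClass
            }
        }
    }

    # Any (attribute, value) pair held by more than one object is a clash.
    $rows | Group-Object Attribute, Value | Where-Object Count -gt 1 | ForEach-Object {
        [pscustomobject]@{
            Attribute   = $_.Group[0].Attribute
            Value       = $_.Group[0].Value
            CrossForest = @($_.Group.Forest | Sort-Object -Unique).Count -gt 1
            Holders     = $_.Group.Holder -join '; '
        }
    }
}

Get-AttributeClash -InputObject $sample | Format-Table -AutoSize -Wrap
```

Replacing the final `Format-Table` with `Export-Csv` gives a flat file that a reporting tool such as Power BI can load.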