Forum Discussion
soft match with proxyAddresses
It's unlikely that they're Azure-native accounts now. It's possible, but unlikely.
The only way I recall being able to "convert" a user from Active Directory-managed to Azure AD native - without turning off directory synchronisation - is to:
- Ensure it's no longer being managed via Azure AD Connect (which will cause Azure AD Connect to soft-delete the user account from Azure AD);
- Recover the soft-deleted user account from the Azure AD "recycle bin" (within 30 days, or else it's hard deleted and no longer recoverable), at which point it's restored as an Azure AD-native account.
If you are ready to turn off directory synchronisation, then doing so converts all synchronised accounts (i.e. from Active Directory) to Azure AD-native accounts, but this is not something you do frivolously.
To verify if the account is Azure AD or not, check the OnPremisesSyncEnabled attribute. If it's "true" (as shown in the following screenshot), then it's still mastered by Active Directory, not Azure AD.
You can probably check using the Azure Portal, too, though I can't tell you exactly what the attribute might be labelled as, as I don't use it.
Cheers,
Lain
- LainRobertson, Apr 12, 2024, Silver Contributor
I'd check the OnPremisesSyncEnabled to be sure, but from what you're describing - given that you've already restored them, they ought to be Azure AD-native accounts now.
Auditing OnPremisesSyncEnabled is simply prudent as a safety check.
For any account where OnPremisesSyncEnabled is not true, you can freely manage or even delete the Active Directory or Azure AD accounts independently. Changes and deletions will not magically replicate from Active Directory to Azure AD or vice versa. (The obvious caveat is that any desired changes must be made manually to both account representations, too.)
Cheers,
Lain
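
The OnPremisesSyncEnabled audit suggested in the replies above, as an added example that is not part of the original posts: it checks a list of restored accounts and reports which are still mastered by Active Directory. The function name `Get-SyncAuthority`, the `contoso.example` UPNs and the sample objects are constructed for illustration; the commented `Get-MgUser` call assumes the Microsoft Graph PowerShell SDK.

```powershell
# Added example. Live input would come from the Microsoft Graph PowerShell SDK, e.g.:
#   Connect-MgGraph -Scopes 'User.Read.All'
#   $users = Get-MgUser -All -Property Id,UserPrincipalName,OnPremisesSyncEnabled
function Get-SyncAuthority {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [object[]] $Users,        # objects exposing UserPrincipalName and OnPremisesSyncEnabled
        [Parameter(Mandatory)] [string[]] $ExpectedUpn   # the accounts you restored and want to audit
    )
    # Index by UPN (case-insensitive) so accounts missing from the tenant are reported too.
    $byUpn = @{}
    foreach ($u in $Users) { $byUpn[$u.UserPrincipalName.ToLowerInvariant()] = $u }

    foreach ($upn in $ExpectedUpn) {
        $u = $byUpn[$upn.ToLowerInvariant()]
        if ($null -eq $u) {
            $status = 'NotFound'            # hard-deleted or never restored
            $raw    = $null
        }
        elseif ($u.OnPremisesSyncEnabled -eq $true) {
            $status = 'ActiveDirectory'     # still mastered on-premises
            $raw    = $true
        }
        else {
            # The property is nullable: both $false and $null mean "not true",
            # so test against $true rather than filtering on -eq $false.
            $status = 'CloudManaged'
            $raw    = $u.OnPremisesSyncEnabled
        }
        [pscustomobject]@{
            UserPrincipalName     = $upn
            OnPremisesSyncEnabled = $raw
            Authority             = $status
        }
    }
}

# Constructed sample data standing in for Get-MgUser output.
$sampleUsers = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; OnPremisesSyncEnabled = $true  }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example';   OnPremisesSyncEnabled = $false }
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example'; OnPremisesSyncEnabled = $null  }
)
$restored = 'alice@contoso.example', 'bob@contoso.example', 'carol@contoso.example', 'dave@contoso.example'

$report = Get-SyncAuthority -Users $sampleUsers -ExpectedUpn $restored
$report | Format-Table -AutoSize

# Anything not CloudManaged needs attention before the AD-side object is changed or deleted.
$report | Where-Object Authority -ne 'CloudManaged' |
    ForEach-Object { Write-Warning "$($_.UserPrincipalName): $($_.Authority)" }
```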