AD Soft Match with Azure AD

Musab Ghannaj 1 Reputation point
2023-01-31T16:09:01.03+00:00

I have two separate AD domains. The old one runs the Azure AD Cloud Sync agent, which syncs my users from the old AD to Azure AD. I need to change the synchronization from the previous AD to the newly created AD. I kept the agent running, but I converted the users to cloud users after deleting them and then restoring them in Azure AD. I installed Azure AD Connect on the new AD machine and started syncing users from a specific OU. Every time after the sync I end up with UniqueAttribute errors and I cannot soft match the users to my AAD. I also tried to hard match these users using ImmutableID, but that did not work either.

Am I missing something here? Do I need to remove the agent and the Azure AD Cloud Sync configuration first?

Thank you

Active Directory
A set of directory-based technologies included in Windows Server.
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

2 answers

  1. Thameur-BOURBITA 32,511 Reputation points
    2023-02-01T00:11:34.37+00:00

    Hi @Musab Ghannaj

    Regarding the soft match, it is based on the UPN or mail attribute to match the on-premises AD user account with an existing Azure AD account.

    You should be sure that you don't have any duplicate UPNs or mail addresses in your new domain.

    For more details you can read the following link:

    Sync with existing users in Azure AD

    Please don't forget to mark helpful answer as accepted


  2. Limitless Technology 43,941 Reputation points
    2023-02-02T09:33:15.9066667+00:00

    Hi. Thank you for your question and reaching out. I’d be more than happy to help you with your query.

    To change the synchronization from an old Active Directory (AD) to a new AD, you need to perform the following steps:

    1. Disable synchronization in the old Azure AD Connect installation.
    2. Remove the old Azure AD Connect installation completely.
    3. Install the new Azure AD Connect on the new AD machine.
    4. Configure Azure AD Connect to sync the desired users and objects from the new AD to Azure AD.
    5. Start the synchronization process.

    The unique attribute errors may occur if the same user account already exists in Azure AD and the new AD domain. To resolve this issue, you can either delete the duplicate user accounts from Azure AD or use a different method to match the users. You can try matching the users based on the mail attribute instead of the ImmutableID.

    Make sure to take a backup of the old Azure AD Connect configuration and the objects before making any changes.

    If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.

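Both answers turn on two checks that are easy to automate before the new Azure AD Connect server is allowed to export: whether the OU to be synced contains duplicate UPN or mail values (the first answer), and whether the ImmutableID the new domain will send agrees with what the tenant already holds for each user, so that a hard match can succeed or the user can be soft matched on UPN/mail instead (the second answer and the original question). The following PowerShell is an added example written for this page; it is not code from the thread or from Microsoft. It assumes the RSAT ActiveDirectory module, the Microsoft.Graph.Users module, an existing Connect-MgGraph session with User.ReadWrite.All, and a placeholder OU DN; Get-SourceAnchor and Find-CloudUser are helper names chosen here. Without -Apply it only reports.

```powershell
<#
Added example (not from the thread). Pre-flight for re-pointing sync at a new domain:
  1. flag duplicate userPrincipalName / mail values inside the OU to be synced, which
     defeat soft matching and surface as uniqueness errors on export;
  2. compute the ImmutableID Azure AD Connect would send for each user (base64 of
     objectGUID, the default sourceAnchor) and compare it with the tenant's value;
     with -Apply, stamp the expected value onto cloud-only users to force a hard match.
Assumed: ActiveDirectory and Microsoft.Graph.Users modules, Connect-MgGraph already done
with User.ReadWrite.All, and the placeholder OU below.
#>
param(
    [string]$SearchBase = 'OU=SyncedUsers,DC=newcorp,DC=local',   # placeholder OU DN
    [switch]$Apply                                                 # report only unless set
)

Import-Module ActiveDirectory
Import-Module Microsoft.Graph.Users

function Get-SourceAnchor {
    # Default sourceAnchor/ImmutableID: base64 of the 16 raw GUID bytes.
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function Find-CloudUser {
    # Mirrors soft-match order: UPN first, then mail. Values are quoted for the OData filter.
    param([string]$Upn, [string]$Mail)
    $props = 'Id', 'UserPrincipalName', 'Mail', 'OnPremisesImmutableId', 'OnPremisesSyncEnabled'
    $u = Get-MgUser -Filter "userPrincipalName eq '$($Upn -replace "'", "''")'" -Property $props
    if (-not $u -and $Mail) {
        $u = Get-MgUser -Filter "mail eq '$($Mail -replace "'", "''")'" -Property $props
    }
    return $u
}

$users = Get-ADUser -SearchBase $SearchBase -Filter 'Enabled -eq $true' `
    -Properties mail, userPrincipalName, objectGUID

# 1. Duplicates inside the new domain would never soft match cleanly; fix these first.
foreach ($attr in 'UserPrincipalName', 'Mail') {
    $users | Where-Object { $_.$attr } | Group-Object -Property $attr |
        Where-Object Count -gt 1 | ForEach-Object {
            Write-Warning "Duplicate $attr '$($_.Name)': $($_.Group.SamAccountName -join ', ')"
        }
}

# 2. Compare the anchor the new domain will send with what the tenant holds today.
$report = foreach ($u in $users) {
    $expected = Get-SourceAnchor -ObjectGuid $u.ObjectGUID
    $cloud    = Find-CloudUser -Upn $u.UserPrincipalName -Mail $u.Mail
    $state = if (-not $cloud)                                    { 'NotInCloud' }
             elseif ($cloud.OnPremisesImmutableId -eq $expected) { 'HardMatchOK' }
             elseif ($cloud.OnPremisesImmutableId)               { 'AnchorDiffers' }  # e.g. still set from the previous domain
             else                                                { 'NoAnchor' }       # will soft match on UPN/mail if unique

    if ($Apply -and $cloud -and $state -in 'NoAnchor', 'AnchorDiffers' -and -not $cloud.OnPremisesSyncEnabled) {
        # Graph only permits changing onPremisesImmutableId on users not currently flagged as synced.
        Update-MgUser -UserId $cloud.Id -OnPremisesImmutableId $expected
        $state = 'AnchorSet'
    }
    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        UPN            = $u.UserPrincipalName
        ExpectedAnchor = $expected
        CloudAnchor    = $cloud.OnPremisesImmutableId
        State          = $state
    }
}
$report | Sort-Object State | Format-Table -AutoSize
```

Run it once without -Apply and clear every Duplicate warning and every AnchorDiffers row before the first export from the new server; a cloud user that still carries an ImmutableID from another source anchor cannot be hard matched by the new object, and the update call is refused for users the tenant still considers directory-synced, which is why the old sync configuration should be disabled before this step.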