How to clear all immutable IDs for a clean Entra Connect install

Don Jones 0 Reputation points
2023-12-28T17:10:46.0533333+00:00

I have a customer that previously had Dir Sync installed years ago. They then discontinued Dir Sync when a vendor that was provisioning their accounts in local AD started provisioning their accounts in Azure as well. Now that vendor is gone and they wish to use Entra Connect to sync their local AD to Entra/Azure. I would like to remove all immutable IDs in their Entra tenant for all user and group objects and allow Entra Connect to do a soft match using the email address. What is recommended in this scenario?

Thanks

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Entra | Other

2 answers

  1. Thameur-BOURBITA 36,261 Reputation points Moderator
    2023-12-28T18:16:36.61+00:00

    Hi

    If you want to migrate from DirSync to Entra Connect, you don't need to clean up the immutableID.

    The immutableID is calculated based on ms-DS-ConsistencyGuid in on-premises AD. Since the value of ms-DS-ConsistencyGuid will not be modified during the upgrade to Entra Connect, you don't need to clean up the immutableID, and the hard match will be able to relink the Entra ID account with the on-premises AD account.

    I invite you to read the following link for details about the migration from DirSync to an Entra Connect server:

    https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-dirsync-upgrade-get-started


    Please don't forget to accept the helpful answer
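
Before clearing any ImmutableID, it helps to see which accounts would hard match, which would fall back to a soft match on mail, and which already carry a different anchor. The PowerShell below is an added example, not part of the answer above and not Microsoft's code. Its helper names, result labels and sample records are constructed, it touches neither AD nor the tenant, and it assumes the anchor is ms-DS-ConsistencyGuid when populated and objectGUID otherwise.

```powershell
# Added example. Helper names and all records are constructed for illustration.
function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][guid]$Guid)
    # ImmutableID = Base64 of the GUID's 16 bytes in .NET byte order.
    [Convert]::ToBase64String($Guid.ToByteArray())
}

function Get-SourceAnchor {
    param([Parameter(Mandatory)]$AdUser)
    # Assumption: ms-DS-ConsistencyGuid is used when populated, else objectGUID.
    if ($AdUser.ConsistencyGuid) { ConvertTo-ImmutableId $AdUser.ConsistencyGuid }
    else { ConvertTo-ImmutableId $AdUser.ObjectGuid }
}

function Compare-SyncMatch {
    param([object[]]$AdUsers, [object[]]$CloudUsers)
    foreach ($ad in $AdUsers) {
        $anchor = Get-SourceAnchor $ad
        # -ceq: Base64 is case-sensitive, PowerShell's -eq is not.
        $hard = $CloudUsers | Where-Object { $_.ImmutableId -ceq $anchor }
        $soft = $CloudUsers | Where-Object { $_.Mail -eq $ad.Mail }
        if ($hard) { $result = 'HardMatch' }
        elseif (-not $soft) { $result = 'NoCloudObject' }
        elseif (-not $soft.ImmutableId) { $result = 'SoftMatchCandidate' }
        else { $result = 'AnchorConflict' }  # same mail, different stored ImmutableID
        [pscustomobject]@{ Mail = $ad.Mail; Anchor = $anchor; Result = $result }
    }
}

# Constructed on-premises records (stand-ins for AD user attributes).
$adUsers = @(
    [pscustomobject]@{ Mail = 'alice@contoso.example'; ConsistencyGuid = $null
                       ObjectGuid = [guid]'11111111-2222-3333-4444-555555555555' }
    [pscustomobject]@{ Mail = 'bob@contoso.example'; ConsistencyGuid = $null
                       ObjectGuid = [guid]'22222222-3333-4444-5555-666666666666' }
    [pscustomobject]@{ Mail = 'carol@contoso.example'
                       ConsistencyGuid = [guid]'33333333-4444-5555-6666-777777777777'
                       ObjectGuid = [guid]'44444444-5555-6666-7777-888888888888' }
)
# Constructed cloud records: alice keeps her old anchor, bob has none,
# carol was stamped from objectGUID while AD now carries a ConsistencyGuid.
$cloudUsers = @(
    [pscustomobject]@{ Mail = 'alice@contoso.example'
        ImmutableId = (ConvertTo-ImmutableId '11111111-2222-3333-4444-555555555555') }
    [pscustomobject]@{ Mail = 'bob@contoso.example'; ImmutableId = $null }
    [pscustomobject]@{ Mail = 'carol@contoso.example'
        ImmutableId = (ConvertTo-ImmutableId '44444444-5555-6666-7777-888888888888') }
)
Compare-SyncMatch -AdUsers $adUsers -CloudUsers $cloudUsers | Format-Table -AutoSize
```

With this sample data alice is reported as HardMatch, bob as SoftMatchCandidate and carol as AnchorConflict.
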


  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

