I am working on a project for Company A, which operates in a hybrid environment with on-premises syncing to their Azure AD. Company A has a sister company, Company B, which has its own Azure Tenant.
Users from Company B have been allocated distinct logins on Company A's on-premises system for accessing applications specific to Company A. The user accounts for Company B under Company A's on-premises system also synchronize with Company A's Azure AD; however, no licenses have been assigned to these accounts.
Company A and Company B staff wanted to take advantage of B2B Collaboration, so Company A started creating guest accounts by inviting Company B users using their home tenant account.
As a result, Company B users now have a guest account and a member account (that syncs from Company A's on-premises) in Company A's Azure AD.
My assignment is to merge the member account that syncs from on-premises with the guest account. I was able to successfully merge the two accounts by doing the following.
- Disable sync on the on-premises account
- Wait for next sync job for the member account to be deleted in Company A's Azure AD
- Update the e-mail field with the Company B user's home tenant e-mail
- Retrieve the Immutable ID from the on-premises account
- Assign the above immutable ID to the correlating Azure AD guest account
- Enable Sync on the on-premises account
This is the URL where I found this workaround.
https://www.orbid365.be/manually-match-on-premise-ad-user-to-existing-office365-user/
The guest account and the member account were successfully merged, and the user can send and receive emails. However, the Company B user we just converted is unable to receive emails from some users at Company A. This issue occurs only when Company A users select the Company B user from the Auto-Complete list, likely because they have communicated with each other in the past. The Company A user receives a bounce back with an undeliverable notification.
We were able to have the Company A user remove the Company B user's contact from their auto-complete list, and that seems to have fixed the issue. However, I don't find this solution ideal, as hundreds of users may be experiencing this problem without our awareness, and it doesn't seem practical to approach each user and ask them to remove the user from their auto-complete list.
I understand this can be confusing, as it took me a while to figure it out myself.
I would like to know if anyone has used this method to merge a guest and an on-premises account and if they can suggest a better workaround for this issue.
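
The "retrieve the Immutable ID" and "assign it to the guest account" steps from the list above, as an added PowerShell example that is not part of the original post. It assumes the ActiveDirectory and Microsoft Graph PowerShell modules are installed and that the on-premises objectGUID is the sync source anchor; `$OnPremSam` and `$GuestObjectId` are constructed placeholders.

```powershell
# Added example: hard-match an on-prem AD user to an existing Azure AD guest.
# Both values below are constructed placeholders, not taken from the post.
$OnPremSam     = 'jdoe-b'                                 # hypothetical sAMAccountName
$GuestObjectId = '00000000-0000-0000-0000-000000000000'   # guest object ID in Company A's tenant

Import-Module ActiveDirectory
Connect-MgGraph -Scopes 'User.ReadWrite.All'

# The ImmutableID is the Base64 encoding of the on-prem objectGUID bytes.
# Assumption: objectGUID is the source anchor. If sync is configured to use
# ms-DS-ConsistencyGuid, read that attribute instead.
$adUser      = Get-ADUser -Identity $OnPremSam -Properties objectGUID
$immutableId = [Convert]::ToBase64String($adUser.ObjectGUID.ToByteArray())

# Round-trip check so a bad encoding is caught before it is written to the cloud.
if ([Guid]::new([Convert]::FromBase64String($immutableId)) -ne $adUser.ObjectGUID) {
    throw 'ImmutableID does not decode back to the on-prem objectGUID.'
}

# Read the target and refuse to touch anything that is not an unsynced guest.
$props = 'id','userPrincipalName','userType','mail',
         'onPremisesImmutableId','onPremisesSyncEnabled'
$guest = Get-MgUser -UserId $GuestObjectId -Property $props

if ($guest.UserType -ne 'Guest') {
    throw "Target $($guest.UserPrincipalName) is not a guest account."
}
if ($guest.OnPremisesSyncEnabled) {
    throw 'Target is already synced from on-premises; do not overwrite its anchor.'
}
if ($guest.OnPremisesImmutableId -and $guest.OnPremisesImmutableId -ne $immutableId) {
    throw "Target already carries a different ImmutableID: $($guest.OnPremisesImmutableId)"
}

# Stamp the anchor on the guest; the next sync cycle then joins the two objects.
Update-MgUser -UserId $guest.Id -OnPremisesImmutableId $immutableId

# Read the value back and print it next to the on-prem GUID for the change record.
$after = Get-MgUser -UserId $guest.Id -Property $props
[pscustomobject]@{
    OnPremAccount = $adUser.SamAccountName
    OnPremGuid    = $adUser.ObjectGUID
    GuestUpn      = $after.UserPrincipalName
    ImmutableId   = $after.OnPremisesImmutableId
    Matches       = ($after.OnPremisesImmutableId -eq $immutableId)
}
```

Run it only after the synced member object has been removed from Azure AD, as in the second step of the list, and before sync is re-enabled on the on-premises account.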