AD Sync User move to other AD

von Itter, Ingo 0 Reputation points
2024-04-05T08:17:00.8+00:00

Hello,

I work in a large company. We have successfully connected several local active directories to a global tenant via the AAD Connector. (CompanyA, CompanyB, CompanyC).

It often happens that employees move from CompanyA to CompanyB. For data protection reasons, the user must be deleted from the local AD of CompanyA. But he should keep his Azure account and this should be synced with a new OnPrem user from the AD of CompanyB. I have found how to sync a cloud user with an OnPrem user. (https://www.alitajran.com/sync-azure-ad-user/)

But how can I dissolve a sync (here from CompanyA) and make the user a pure cloud user?


1 answer

  1. Vasil Michev 106.2K Reputation points MVP
    2024-04-05T16:59:30.63+00:00

    The only supported method for doing this is to temporarily disable synchronization, make the changes, then re-enable it. An unsupported, albeit faster method is to delete the user in the cloud (not on-premises!), then recover it from the Recycle bin. At this point you will be able to make changes to the cloud user directly, so you can override the ImmutableID to match it against the user from Company B. But again, unsupported method, so use at your own risk.

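As an added illustration (not code from the thread, from Microsoft, or from the linked article), here is the check a practitioner would run before and after re-matching: compute the source anchor the CompanyB AD user will sync with and compare it to the cloud user's current OnPremisesImmutableId, while also reporting whether the cloud object is still marked as directory-synced. It assumes the ActiveDirectory and Microsoft.Graph PowerShell modules, an existing `Connect-MgGraph` session with `User.Read.All`, and placeholder account names.

```powershell
# Added example, not from the original thread. Assumes the ActiveDirectory and
# Microsoft.Graph modules are installed and Connect-MgGraph has already been run.
param(
    [string]$OnPremSam = 'jdoe',                  # placeholder sAMAccountName in CompanyB AD
    [string]$CloudUpn  = 'jdoe@contoso.example'   # placeholder UPN of the cloud user
)

# Entra Connect's source anchor is the base64 encoding of a 16-byte GUID.
# Newer installs use mS-DS-ConsistencyGuid (seeded from objectGUID); older
# ones use objectGUID directly. Prefer ConsistencyGuid when it is populated.
function Get-ExpectedImmutableId {
    param($AdUser)
    $bytes = $AdUser.'mS-DS-ConsistencyGuid'
    if (-not $bytes) { $bytes = $AdUser.ObjectGUID.ToByteArray() }
    return [Convert]::ToBase64String($bytes)
}

# Decode an existing anchor back to a GUID so a mismatch can be traced to
# whichever on-premises object (CompanyA or CompanyB) it actually points at.
function ConvertFrom-ImmutableId {
    param([string]$ImmutableId)
    return [guid]::new([Convert]::FromBase64String($ImmutableId))
}

$adUser   = Get-ADUser -Identity $OnPremSam -Properties ObjectGUID, 'mS-DS-ConsistencyGuid'
$expected = Get-ExpectedImmutableId -AdUser $adUser

$cloud = Get-MgUser -UserId $CloudUpn `
    -Property Id, UserPrincipalName, OnPremisesImmutableId, OnPremisesSyncEnabled

Write-Host "CompanyB AD objectGUID : $($adUser.ObjectGUID)"
Write-Host "Expected ImmutableId   : $expected"
Write-Host "Cloud ImmutableId      : $($cloud.OnPremisesImmutableId)"
Write-Host "Cloud sync enabled     : $($cloud.OnPremisesSyncEnabled)"

if ($cloud.OnPremisesImmutableId -eq $expected) {
    Write-Host 'MATCH: the cloud user will hard-match the CompanyB on-premises user.'
}
elseif ($cloud.OnPremisesImmutableId) {
    $current = ConvertFrom-ImmutableId $cloud.OnPremisesImmutableId
    Write-Warning "MISMATCH: cloud anchor still points at on-premises GUID $current."
    if ($cloud.OnPremisesSyncEnabled) {
        # Per the answer above: change the anchor only with sync disabled,
        # never on an object Entra ID still treats as directory-managed.
        Write-Warning 'Object is still directory-synced; disable sync before re-matching.'
    }
}
else {
    Write-Host 'Cloud user has no anchor yet (pure cloud user); a soft match on UPN/mail will apply.'
}
```

Run it once before the change to confirm the anchor still points at the CompanyA object, and again after sync has been re-enabled to confirm the CompanyB match took effect.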
