Hi @Francisco Fernandes , I understand that you're having an issue with AD Connect creating a new user in Azure AD when it should pick up an existing user as a "soft-match".
Soft-match requires any of these to be the same between on-prem AD and Azure AD:
- UPN (userPrincipalName)
- Primary email address (proxyAddresses attribute, the value with SMTP:)
The match is only evaluated for new objects coming from Connect. If you change an existing object so it matches any of these attributes, then you see an error instead.
If Microsoft Entra ID finds an object where the attribute values are the same as the new incoming object from Microsoft Entra Connect, then it takes over the object in Microsoft Entra ID and the previously cloud-managed object is converted to on-premises managed. All attributes in Microsoft Entra ID with a value in on-premises AD are overwritten with the respective on-premises value.
Warning: Since all attributes in Microsoft Entra ID are going to be overwritten by the on-premises value, make sure you have good data on-premises. For example, if you have only managed email addresses in Microsoft 365 and have not kept them updated in on-premises AD DS, then you lose any values in Microsoft Entra ID / Microsoft 365 that are not present in AD DS.
Please check that both the UPN and the primary email address match between the on-prem AD user and the Azure AD user.
Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.
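The comparison suggested in the answer above, written out as a PowerShell check. This is an added example, not code from the answer's author or from Microsoft; it assumes the ActiveDirectory and Microsoft.Graph.Users modules are installed, that Connect-MgGraph has already been run with the User.Read.All scope, and the parameter names ($SamAccountName, $CloudUpn) and the helper Get-PrimarySmtp are this example's own. It reads the two soft-match keys (userPrincipalName and the upper-case "SMTP:" entry in proxyAddresses) from both directories and reports whether each one matches, and also flags the case from the answer where the cloud object is already on-premises managed, so no soft-match would be evaluated for it.

```powershell
# Added example (not part of the original answer): compare the soft-match keys
# for one user between on-prem AD DS and Microsoft Entra ID.
# Assumptions: ActiveDirectory + Microsoft.Graph.Users modules installed,
# Connect-MgGraph already run with User.Read.All.
param(
    [Parameter(Mandatory)] [string] $SamAccountName,  # on-prem account to check (assumed parameter)
    [string] $CloudUpn                                # optional: cloud UPN if it differs from the on-prem UPN
)

Import-Module ActiveDirectory
Import-Module Microsoft.Graph.Users

function Get-PrimarySmtp {
    param([string[]] $ProxyAddresses)
    # Only the value prefixed with upper-case "SMTP:" is the primary address.
    # Lower-case "smtp:" entries are aliases and do not count for soft-match.
    $primary = $ProxyAddresses | Where-Object { $_ -clike 'SMTP:*' } | Select-Object -First 1
    if ($primary) { return $primary.Substring(5).ToLowerInvariant() }
    return $null
}

# On-prem side: UPN and proxyAddresses as AD Connect would read them.
$ad = Get-ADUser -Identity $SamAccountName -Properties userPrincipalName, proxyAddresses
if (-not $CloudUpn) { $CloudUpn = $ad.UserPrincipalName }

# Cloud side: Get-MgUser accepts a UPN as -UserId.
$cloud = Get-MgUser -UserId $CloudUpn `
    -Property Id, UserPrincipalName, ProxyAddresses, OnPremisesSyncEnabled, OnPremisesImmutableId `
    -ErrorAction SilentlyContinue

if (-not $cloud) {
    Write-Host "No cloud user with UPN '$CloudUpn'. Soft-match can still occur on the primary SMTP address;"
    Write-Host "otherwise a new object will be created. Check proxyAddresses on the cloud user you expect to match."
    return
}

$adUpn     = $ad.UserPrincipalName.ToLowerInvariant()
$cloudUpn  = $cloud.UserPrincipalName.ToLowerInvariant()
$adSmtp    = Get-PrimarySmtp $ad.proxyAddresses
$cloudSmtp = Get-PrimarySmtp $cloud.ProxyAddresses

$result = [pscustomobject]@{
    OnPremUpn     = $adUpn
    CloudUpn      = $cloudUpn
    UpnMatch      = ($adUpn -eq $cloudUpn)
    OnPremSmtp    = $adSmtp
    CloudSmtp     = $cloudSmtp
    SmtpMatch     = ([bool]$adSmtp -and $adSmtp -eq $cloudSmtp)
    # True means the cloud object is already on-premises managed: soft-match is
    # only evaluated for new objects, so an existing synced object is not re-matched.
    AlreadySynced = [bool]$cloud.OnPremisesSyncEnabled
    ImmutableId   = $cloud.OnPremisesImmutableId
}

$result | Format-List

if ($result.AlreadySynced) {
    Write-Warning "Cloud object is already on-premises managed; soft-match does not apply to it."
} elseif (-not ($result.UpnMatch -or $result.SmtpMatch)) {
    Write-Warning "Neither UPN nor primary SMTP matches; AD Connect will create a new cloud user."
}
```

Run it as `.\Test-SoftMatch.ps1 -SamAccountName jdoe` after `Connect-MgGraph -Scopes User.Read.All`. Comparison is done case-insensitively because UPN and SMTP addresses are not case-sensitive for matching, while the "SMTP:" prefix itself is matched case-sensitively, since that is what marks the primary address.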