Merge Azure user and On-Premises user

Niiiiiiiie 0 Reputation points
2024-07-11T08:08:43.95+00:00

There are some users in Azure Entra ID created by M365 Admin Center (e.g. jack@CCT.com). Then the AAD connector syncs user jack from on-premises, and it appears as jack@cct.onmicrosoft.com in Azure Entra ID. Both accounts are actually the same user, so the question is how to merge accounts abc@CCT.com and abc@cct.onmicrosoft.com?


2 answers

  1. akinbade abiola 11,190 Reputation points
    2024-07-11T11:10:36.68+00:00

    Hello Niiiiiiiie,

    Thanks for your question.

    You will need to do a soft-match/hard-match. There are three attributes used for this process: userPrincipalName, proxyAddresses, and sourceAnchor/immutableID.

    So what you need to do is ensure the UPN and proxyAddresses match, or it will detect it as a different user.

    This is documented here:

    Sync with existing users in Microsoft Entra ID

    You can mark it 'Accept Answer' and 'Upvote' if this helped you

    Regards,

    Abiola


  2. Sandeep G-MSFT 16,861 Reputation points Microsoft Employee
    2024-07-15T07:48:34.0766667+00:00

    @Niiiiiiiie

    Thank you for posting this in Microsoft Q&A.

    As I understand you are trying to do a UPN soft match and it is not happening.

    First you can check and confirm that there is an alternate domain suffix "CCT.com" added in your on-premises environment. Also make sure the user account has UPN "jack@CCT.com" set in your on-premises environment.

    If the above steps are already in place, then:

    Can you check if "EnableSoftMatchOnUpn" is enabled for Azure AD?

    You can run the commands below to check and enable this feature if it is disabled.

    • Connect-MgGraph -Scopes OnPremDirectorySynchronization.Read.All, OnPremDirectorySynchronization.ReadWrite.All
    • Get-MgDirectoryOnPremiseSynchronization | Select-Object -ExpandProperty Features | Format-List
    • In the output that you get, you can check the "SoftMatchOnUpnEnabled" property and confirm if this is set to "True" or "False".
    • If it is set to "False" then you can set that to "True".
    • Run command "Connect-MsolService"
    • Enter the global admin credentials.
    • Post that run command "Set-MsolDirSyncFeature -Feature EnableSoftMatchOnUpn -Enable $true".
    • Try running sync cycle and this issue should be resolved.

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
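
A read-only pre-check for the soft match described in both answers, added here as an example and not taken from either answer. It uses the two account names from the question, assumes the Microsoft Graph PowerShell SDK is installed, and relies on the fact that a cloud object which already carries an immutable ID is not eligible for soft match; the variable names are illustrative.

```powershell
# Added example: read-only comparison of the two accounts before a sync cycle.
# UPNs are the ones from the question; replace them for your tenant.
$cloudUpn  = 'jack@CCT.com'              # created in the M365 admin center
$syncedUpn = 'jack@cct.onmicrosoft.com'  # created by the directory sync

Connect-MgGraph -Scopes 'User.Read.All', 'OnPremDirectorySynchronization.Read.All'

# 1. Tenant-level switch that the second answer asks about.
$features = (Get-MgDirectoryOnPremiseSynchronization).Features
Write-Host "SoftMatchOnUpnEnabled: $($features.SoftMatchOnUpnEnabled)"

# 2. The matching attributes named in the first answer, for both objects.
$props = 'id', 'userPrincipalName', 'proxyAddresses',
         'onPremisesImmutableId', 'onPremisesSyncEnabled'

$report = foreach ($upn in $cloudUpn, $syncedUpn) {
    $u = Get-MgUser -UserId $upn -Property $props
    [pscustomobject]@{
        UserPrincipalName     = $u.UserPrincipalName
        ProxyAddresses        = $u.ProxyAddresses -join '; '
        OnPremisesImmutableId = $u.OnPremisesImmutableId
        OnPremisesSyncEnabled = [bool]$u.OnPremisesSyncEnabled
    }
}
$report | Format-List

# 3. Flag the conditions that stop a soft match from happening.
$cloud  = $report | Where-Object UserPrincipalName -eq $cloudUpn
$synced = $report | Where-Object UserPrincipalName -eq $syncedUpn

if (-not $features.SoftMatchOnUpnEnabled) {
    Write-Warning 'UPN soft match is disabled for the tenant.'
}
if ($cloud.OnPremisesImmutableId) {
    Write-Warning "$cloudUpn already has an immutable ID, so soft match will not apply to it."
}
if ($synced.OnPremisesSyncEnabled) {
    Write-Warning "$syncedUpn is a separate synced object; the on-premises user did not match $cloudUpn."
}
```

Because a successful match puts the cloud account under the control of the on-premises object, review the output for the right user before running the sync cycle.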