Merge Azure user and On-Premises user

Niiiiiiiie 0 Reputation points
2024-07-11T08:08:43.95+00:00

There are some users in Azure Entra ID created in the M365 Admin Center (e.g. ******@CCT.com). Then the AAD connector syncs user jack from on-premises, and it appears as ******@cct.onmicrosoft.com in Azure Entra ID. Both accounts are actually the same user, so the question is how to merge the accounts ******@CCT.com and ******@cct.onmicrosoft.com?


2 answers

  1. Abiola Akinbade 27,530 Reputation points Moderator
    2024-07-11T11:10:36.68+00:00

    Hello Niiiiiiiie,

    Thanks for your question.

    You will need to do a soft-match/hard-match. There are three attributes used for this process: userPrincipalName, proxyAddresses, and sourceAnchor/immutableID.

    So what you need to do is ensure the UPN and proxyAddresses match, or it will be detected as a different user.

    This is documented here:

    Sync with existing users in Microsoft Entra ID

    You can mark it 'Accept Answer' and 'Upvote' if this helped you

    Regards,

    Abiola

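The three attributes Abiola lists can be compared before the next sync cycle, so you know in advance which match path (UPN, proxyAddresses or sourceAnchor) will apply. The PowerShell below is an added example, not code from the answer or from Microsoft; it assumes the RSAT ActiveDirectory module and the Microsoft.Graph.Users module are installed, and it uses the placeholder sAMAccountName jack and cloud UPN jack@CCT.com in place of the poster's masked account.

```powershell
# Added example (not from the original answer). Compare the on-premises AD user with the
# existing cloud user to see which match path (UPN, proxyAddresses, sourceAnchor) applies.
# Placeholders: 'jack' (on-premises sAMAccountName) and 'jack@CCT.com' (cloud UPN).
Import-Module ActiveDirectory
Import-Module Microsoft.Graph.Users

$samAccountName = 'jack'          # placeholder for the on-premises account
$cloudUpn       = 'jack@CCT.com'  # placeholder for ******@CCT.com

$adUser = Get-ADUser -Identity $samAccountName -Properties userPrincipalName, proxyAddresses, objectGUID

# Microsoft Entra Connect's default sourceAnchor is the base64 form of the AD objectGUID;
# this is the value the cloud user's OnPremisesImmutableId must carry for a hard match.
$expectedImmutableId = [Convert]::ToBase64String($adUser.ObjectGUID.ToByteArray())

# The primary SMTP address is the proxyAddresses entry with an uppercase 'SMTP:' prefix
# (-clike is case-sensitive, so secondary 'smtp:' aliases are skipped).
function Get-PrimarySmtp([string[]]$ProxyAddresses) {
    $primary = $ProxyAddresses | Where-Object { $_ -clike 'SMTP:*' } | Select-Object -First 1
    if ($primary) { return $primary.Substring(5) }   # strip the 'SMTP:' prefix
    return $null
}

Connect-MgGraph -Scopes 'User.Read.All'
$cloudUser = Get-MgUser -UserId $cloudUpn -Property Id, UserPrincipalName, ProxyAddresses, OnPremisesImmutableId, OnPremisesSyncEnabled

$onPremSmtp = Get-PrimarySmtp $adUser.proxyAddresses
$cloudSmtp  = Get-PrimarySmtp $cloudUser.ProxyAddresses

# One row per attribute the matching logic looks at, plus whether it currently lines up.
[pscustomobject]@{
    OnPremUpn              = $adUser.UserPrincipalName
    CloudUpn               = $cloudUser.UserPrincipalName
    UpnMatches             = ($adUser.UserPrincipalName -ieq $cloudUser.UserPrincipalName)
    OnPremPrimarySmtp      = $onPremSmtp
    CloudPrimarySmtp       = $cloudSmtp
    PrimarySmtpMatches     = ($null -ne $onPremSmtp -and $onPremSmtp -ieq $cloudSmtp)
    ExpectedImmutableId    = $expectedImmutableId
    CloudImmutableId       = $cloudUser.OnPremisesImmutableId
    HardMatchWillApply     = ($cloudUser.OnPremisesImmutableId -eq $expectedImmutableId)
    CloudUserAlreadySynced = [bool]$cloudUser.OnPremisesSyncEnabled
} | Format-List
```

If neither UpnMatches nor PrimarySmtpMatches is true and the cloud user is not already synced, the deterministic fix is a hard match: write ExpectedImmutableId to the cloud user with Update-MgUser -UserId <id> -OnPremisesImmutableId <value> before the next sync cycle, then re-run the report to confirm HardMatchWillApply is true.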

  2. Sandeep G-MSFT 20,881 Reputation points Microsoft Employee Moderator
    2024-07-15T07:48:34.0766667+00:00

    @Niiiiiiiie

    Thank you for posting this in Microsoft Q&A.

    As I understand it, you are trying to do a UPN soft match and it is not happening.

    First, you can check and confirm that there is an alternate domain suffix "CCT.com" added in your on-premises environment. Also make sure the user account has the UPN "******@CCT.com" set in your on-premises environment.

    If the above steps are already in place, then:

    Can you check if "EnableSoftMatchOnUpn" is enabled for Azure AD?

    You can run the commands below to check and enable this feature if it is disabled.

    • Connect-MgGraph -Scopes OnPremDirectorySynchronization.Read.All, OnPremDirectorySynchronization.ReadWrite.All
    • Get-MgDirectoryOnPremiseSynchronization | Select-Object -ExpandProperty Features | Format-List
    • In the output that you get, check the "SoftMatchOnUpnEnabled" property and confirm whether it is set to "True" or "False".
    • If it is set to "False", then you can set it to "True".
    • Run the command "Connect-MsolService".
    • Enter the global admin credentials.
    • After that, run the command "Set-MsolDirSyncFeature -Feature EnableSoftMatchOnUpn -Enable $true".
    • Run a sync cycle and this issue should be resolved.

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
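The check-and-enable steps in Sandeep's answer can be done end to end from the Microsoft Graph module, which also avoids mixing in the older MSOnline cmdlets. The script below is an added example, not code from the answer or from Microsoft; it assumes the Microsoft.Graph.Identity.DirectoryManagement module is installed and that Update-MgDirectoryOnPremiseSynchronization applies a partial Features body with Graph PATCH semantics (only the supplied flag changes). It writes only when the flag is actually off and re-reads the value afterwards.

```powershell
# Added example (not from the original answer). Read the tenant's directory-sync feature
# flags over Microsoft Graph and enable SoftMatchOnUpnEnabled only if it is currently off.
Import-Module Microsoft.Graph.Identity.DirectoryManagement

Connect-MgGraph -Scopes 'OnPremDirectorySynchronization.Read.All', 'OnPremDirectorySynchronization.ReadWrite.All'

$sync = Get-MgDirectoryOnPremiseSynchronization
if (-not $sync) { throw 'No on-premises directory synchronization configuration was returned for this tenant.' }

# The flags that decide whether an on-premises object may take over an existing cloud user.
$sync.Features |
    Select-Object SoftMatchOnUpnEnabled, BlockSoftMatchEnabled, BlockCloudObjectTakeoverThroughHardMatchEnabled |
    Format-List

if ($sync.Features.BlockSoftMatchEnabled) {
    Write-Warning 'BlockSoftMatchEnabled is True: soft matching is blocked tenant-wide regardless of the UPN flag.'
}

if ($sync.Features.SoftMatchOnUpnEnabled) {
    Write-Host 'SoftMatchOnUpnEnabled is already True; nothing to change.'
} else {
    # Assumed: a PATCH carrying only the changed flag leaves the other Features values untouched.
    $body = @{ features = @{ softMatchOnUpnEnabled = $true } }
    Update-MgDirectoryOnPremiseSynchronization -OnPremisesDirectorySynchronizationId $sync.Id -BodyParameter $body

    # Re-read rather than trusting that the write took effect.
    $after = Get-MgDirectoryOnPremiseSynchronization
    if (-not $after.Features.SoftMatchOnUpnEnabled) {
        throw 'SoftMatchOnUpnEnabled is still False; check that the ReadWrite.All scope was consented.'
    }
    Write-Host 'SoftMatchOnUpnEnabled is now True.'
}

# Then, on the Microsoft Entra Connect server, trigger a sync cycle (ADSync module):
#   Start-ADSyncSyncCycle -PolicyType Delta
```

Soft match on UPN only takes effect if BlockSoftMatchEnabled is False, and it still requires the on-premises UPN suffix (CCT.com here) to be a verified domain in the tenant, which is why the answer asks you to confirm the alternate UPN suffix first.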

