A cloud-based identity and access management service for securing user authentication and resource access
Hi @Mohan IT-Admin-Account
I understand that you are creating an on-prem user who is already a member of the cloud, but you are facing a sync issue during this operation. You use the same UPN, which is your sync criterion, but still, it creates a new email ID in the cloud portal.
Try to delete the new email ID in the cloud portal.
Then you need to set the immutable ID of the cloud user to null. For the on-prem user, the GUID value is converted to an immutable ID with Base64. The converted immutable ID should be added to the cloud user. Then you should run the sync. You can turn to a "hard match," which is performed by taking the on-premises GUID, then converting this value into what is known in the Azure AD cloud as an "immutableID," and then writing that converted value directly into Azure AD. When Directory Synchronization runs.
```powershell
# Requires the MSOnline module (Connect-MsolService / Set-MsolUser) and the
# ActiveDirectory module (Get-ADUser, RSAT) on the machine running this.
Import-Module MSOnline
Import-Module ActiveDirectory

# Sign in to the tenant with an account that can modify users.
$credential = Get-Credential
Connect-MsolService -Credential $credential

# On-prem sAMAccountName and the UPN of the cloud user to hard-match.
$ADUser = "username"
$365User = "******@emaildomainname.com"

# objectGUID of the on-prem account (System.Guid).
$guid = (Get-ADUser $ADUser).ObjectGuid

# ImmutableId is the Base64 encoding of the GUID's 16 bytes in .NET Guid.ToByteArray() order.
$immutableID = [System.Convert]::ToBase64String($guid.ToByteArray())

# Write the value to the cloud user so the next sync cycle hard-matches it.
Set-MsolUser -UserPrincipalName "$365User" -ImmutableId $immutableID
```
When sync runs after the process is done the issue is resolved.
Hope this helps. Do let us know if you have any further queries.
If this answers your query, do click `Accept Answer` and `Yes`.
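As an added example that is not part of the original answer, the following Python reproduces the GUID-to-ImmutableId conversion the PowerShell above performs and adds the reverse decode, so an administrator can verify, before forcing a hard match, whether a cloud user's existing ImmutableId already corresponds to the on-prem objectGUID. The byte order matters: .NET `Guid.ToByteArray()` emits the mixed-endian Windows layout, which Python exposes as `uuid.UUID.bytes_le`. The GUID and cloud records in the block are constructed sample values, and the function names are this example's own.

```python
import base64
import uuid

def guid_to_immutable_id(object_guid: str) -> str:
    """Base64 of the objectGUID bytes in .NET Guid.ToByteArray() order (bytes_le)."""
    return base64.b64encode(uuid.UUID(object_guid).bytes_le).decode("ascii")

def immutable_id_to_guid(immutable_id: str) -> str:
    """Reverse conversion: decode an ImmutableId back to its canonical GUID string."""
    raw = base64.b64decode(immutable_id, validate=True)
    if len(raw) != 16:
        raise ValueError("ImmutableId does not decode to 16 GUID bytes: %r" % immutable_id)
    return str(uuid.UUID(bytes_le=raw))

def check_hard_match(on_prem_guid: str, cloud_immutable_id):
    """Classify a cloud user's ImmutableId against the on-prem objectGUID.

    Returns "unset"    when the cloud user has no ImmutableId (cloud-only, safe to hard-match),
            "match"    when it already equals the on-prem GUID (no action needed),
            "mismatch" when it points at a different GUID (a different on-prem object was
                       matched earlier; investigate before overwriting),
            "invalid"  when the stored value is not a Base64-encoded GUID at all.
    """
    if not cloud_immutable_id:
        return "unset"
    try:
        stored_guid = immutable_id_to_guid(cloud_immutable_id)
    except (ValueError, TypeError):
        return "invalid"
    return "match" if stored_guid == str(uuid.UUID(on_prem_guid)) else "mismatch"

# Constructed sample data: one on-prem objectGUID and three hypothetical cloud users.
ON_PREM_GUID = "12345678-1234-5678-9abc-def012345678"
CLOUD_USERS = {
    "user.a@example.invalid": None,                              # never synced
    "user.b@example.invalid": guid_to_immutable_id(ON_PREM_GUID),  # already matched
    "user.c@example.invalid": guid_to_immutable_id("00000000-0000-0000-0000-00000000beef"),
}

def audit(on_prem_guid: str, cloud_users: dict) -> dict:
    """Run check_hard_match over every cloud user and return {upn: status}."""
    return {upn: check_hard_match(on_prem_guid, iid) for upn, iid in cloud_users.items()}

if __name__ == "__main__":
    print("ImmutableId for on-prem GUID:", guid_to_immutable_id(ON_PREM_GUID))
    for upn, status in audit(ON_PREM_GUID, CLOUD_USERS).items():
        print(f"{upn}: {status}")
```

Only the "unset" case corresponds to the situation in the question (a cloud-only account that should be joined to the on-prem object); a "mismatch" means the cloud object is already bound to some other on-prem GUID, and overwriting it would silently re-home that account.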