Azure Active Directory Connect Issue

Chris Durham 11 Reputation points
2019-12-20T09:34:10.36+00:00

Good Morning,
I have the following scenario and I need some assistance with ADConnect:

1) Office 365/AAD accounts configured and successfully connected to local AD (Contoso)
2) ADConnect removed
3) new AD domain created (Contoso.company)
4) script run to remove the ImmutableID attribute from the AAD accounts
5) new contoso.company AD users created with same smtp and upn as old contoso users
6) ADConnect configured to sync contoso.company AD to AAD
7) Sync fails with duplicate smtp attribute

I have searched on here and the documentation says that if there is anything in the ImmutableID field then ADConnect will try a hard match - this will fail as there is no AD account with that ID in it anymore. It does say that as long as the ImmutableID is null then it will perform a soft match based on UPN and primary SMTP address and join the accounts that way. It seems that something is missing and it won't join the accounts. Can anyone help, please?


1 answer

Chris Durham 11 Reputation points
2019-12-20T10:54:02.587+00:00

I have found a solution: instead of setting the ImmutableID to null and hoping it will connect correctly, we can set the ImmutableID to the correct value for the new AD account. I used the following article: Link

The very last section discusses how to set this attribute correctly.

2 people found this answer helpful.
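The approach in the answer above, as an added example that is not from the post or the linked article: compute the ImmutableID that ADConnect would derive from the new contoso.company account's objectGUID, check which match path (soft, hard, or failed hard match) the cloud account is currently on, and only then write the value. It assumes the ActiveDirectory and MSOnline modules are installed and connected, that ADConnect uses objectGUID (or ms-DS-ConsistencyGuid seeded from it) as the source anchor, and that the cloud accounts are still cloud-only; the function names are my own.

```powershell
# Added example (not from the original post or the linked article).
# Assumes: ActiveDirectory + MSOnline modules loaded and Connect-MsolService done;
# source anchor = objectGUID, so ImmutableID = Base64(objectGUID bytes).

# Convert an on-premises objectGUID to the ImmutableID string AAD Connect expects.
function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    # Guid.ToByteArray() gives the same mixed-endian byte order that AAD Connect
    # base64-encodes, so the result equals the sourceAnchor it would compute.
    return [System.Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

# Decode an ImmutableID back to a GUID so it can be compared with the AD object.
function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    return [guid]::new([System.Convert]::FromBase64String($ImmutableId))
}

# Read-only check: which match path will ADConnect take for this UPN?
#   null ImmutableId     -> soft match on UPN / primary SMTP
#   matches new objectGUID -> hard match succeeds
#   anything else        -> hard match against an object that no longer exists (fails)
function Test-MatchState {
    param([Parameter(Mandatory)][string]$UserPrincipalName)
    $adUser = Get-ADUser -Filter "userPrincipalName -eq '$UserPrincipalName'"
    if (-not $adUser) { return "$UserPrincipalName : no user in the new AD domain" }
    $cloud  = Get-MsolUser -UserPrincipalName $UserPrincipalName
    $wanted = ConvertTo-ImmutableId $adUser.ObjectGUID
    if ([string]::IsNullOrEmpty($cloud.ImmutableId)) {
        return "$UserPrincipalName : ImmutableId is null -> soft match; desired value $wanted"
    }
    if ($cloud.ImmutableId -eq $wanted) {
        return "$UserPrincipalName : ImmutableId already matches -> hard match succeeds"
    }
    $stale = ConvertFrom-ImmutableId $cloud.ImmutableId
    return "$UserPrincipalName : ImmutableId points at old GUID $stale -> hard match fails; set to $wanted"
}

# Write the correct anchor for the new account (the fix described in the answer).
# Only valid while the cloud user is not yet synced; run Test-MatchState first.
function Set-ImmutableIdFromAd {
    param([Parameter(Mandatory)][string]$UserPrincipalName)
    $adUser = Get-ADUser -Filter "userPrincipalName -eq '$UserPrincipalName'"
    $wanted = ConvertTo-ImmutableId $adUser.ObjectGUID
    Set-MsolUser -UserPrincipalName $UserPrincipalName -ImmutableId $wanted
    return $wanted
}

# Usage: Test-MatchState 'user@contoso.company'; Set-ImmutableIdFromAd 'user@contoso.company'
```

Run Test-MatchState across all affected UPNs before a sync cycle; any account still reporting the old GUID explains a "hard match" failure, and the ConvertFrom-ImmutableId output lets you confirm the stale value really belongs to the removed Contoso domain rather than to a mistyped account.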