Azure Ad connect - Switch AD accounts for an Azure account

G.W 51 Reputation points
2020-07-02T06:32:33.223+00:00

Hi all,

I have a problem with my Azure ad connect.

We have an account AD (A) in forest trusted by site-to-site with our domain. This account AD is synched with our azure ad connect to Azure and the Azure account is already in use and work prefectly.
Now, we have decided to create a same account in a subdomain (B) on our active directory. This account isn't linked with azure ad connect.

(Same UPN, ProxyAdress )

Objectives: The azure ad account must remain active and we must switch the AD from account (A) to (B).

Test alraedy been done and failed: We did a test by deselecting the OLD OU, restarting the sync, selecting the new OU and restarting the sync again.
Result : Account A is deleted and new object is created on Azure for Account B

The account on Azure ad must to be active with all history.

Azure Ad connect : SourceAnchor: ObjectSID / UPN: Mail /Custom Attribute: UserPrincipaleName / Password : Hash Synchronization & Writeback

My question is : How do you achieve this scenario?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,473 questions
0 comments
Accepted answer
  1. AmanpreetSingh-MSFT 56,306 Reputation points
    2020-07-02T09:09:59.063+00:00

    Hello @GaetanWalraet-7258

    For this purpose, you need to use ms-DS-ConsistencyGuid as the sourceAnchor attribute for User objects. You can then switch the value of ms-DS-ConsistencyGuid attribute of old user with the new user so that a hard match can be performed with the new user account at next sync cycle. Since ObjectGUID is not configrable, you can not use it as sourceAnchor to perform hard match.

    Please refer to How to enable the ConsistencyGuid feature - Existing deployment for instructions to change the sourceAnchor

    Please do not forget to "Accept the answer" wherever the information provided helps you. This will help others in the community as well.

    2 people found this answer helpful.
    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. s ganesamoorthy 161 Reputation points
    2020-07-02T22:04:57.987+00:00
    0 comments
  2. G.W 51 Reputation points
    2020-07-03T12:35:02.69+00:00

    Thank you both. That's what I thought, but I wanted to be sure before I threw this.
    I'll let you know if it works out.