User account was deleted then recreated in on-prem, Old Azure account is not associated with new on-prem account.

Hunter
2022-04-27T17:25:13.617+00:00

I had a typo in a user's account creation, so I had to make a new one for them. I wanted to see if editing the info (correcting the name typo) in the user's on-prem properties would affect the Azure object. Since Azure uses Object IDs to reference accounts, but on-prem uses something else (account names? CN?), I wasn't sure the Azure AD object would still be associated with the on-prem object. After I changed the name in the on-prem object, Azure also updated, but since the mailbox for the user wasn't being found, I decided to delete the on-prem object, which in turn moved the Azure object to the deleted users tab. I was hoping that by making a new user and re-enabling the account in Azure I would be able to just re-associate the objects, but after a couple of tests that didn't work.

Essentially I'm wondering if there's a way to force Azure to connect to this new account in on-prem AD. If not I believe my only option is to delete the account in on-prem and Azure and start from scratch.

Also, I realize this is a long explanation and I am probably referring to things by the incorrect name; I'm newer to Azure/O365, so please bear with me!


1 answer

  1. Marilee Turscak-MSFT (Microsoft Employee)
    2022-04-27T23:42:05.94+00:00

    Hi @Hunter ,

    Thanks for your post!

    Are you attempting to match or merge the individual user account in on-premises AD and Azure AD based on the UPN? If this is the case, you can use soft matching to match user accounts when their UPN or SMTP address matches across objects in the cloud and on-premises, or hard matching based on the sourceAnchor/ImmutableID.

    To learn more about Hard-match vs Soft-match, please refer to the UPN matching guide and the guide, When You Already Have an Azure AD.

    As you correctly pointed out, the synchronization only flows from on-premises to Azure and user writeback is not supported, so matching the attributes or deleting and starting over are the two ways to go.

    I hope this helps!


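The hard-match procedure the answer refers to, as an added example that is not part of the original post or of any Microsoft documentation. It shows why a recreated on-prem account does not re-attach on its own: Azure AD Connect's sourceAnchor is the base64-encoded objectGUID (or ms-DS-ConsistencyGuid) of the on-prem object, the cloud object keeps the old value as ImmutableId even after it is restored from Deleted users, and soft match on UPN/SMTP only applies to cloud objects that have no ImmutableId at all. The fix is to compute the anchor of the new on-prem object and write it onto the cloud object before the next sync. Assumptions: the UPN is a placeholder, the MSOnline and ActiveDirectory modules are installed and you have already run Connect-MsolService, and the script runs on the Azure AD Connect server (for Start-ADSyncSyncCycle) with rights to read AD.

```powershell
# Added example (not from the original post): hard-match a recreated on-prem user
# to its restored Azure AD / Entra ID object by rewriting ImmutableId.
# Hypothetical UPN; MSOnline + ActiveDirectory modules and an existing
# Connect-MsolService session are assumed.
param(
    [Parameter(Mandatory)]
    [string]$UserPrincipalName = 'jdoe@contoso.com'
)

Import-Module ActiveDirectory
Import-Module MSOnline
Import-Module ADSync -ErrorAction SilentlyContinue   # only present on the Connect server

# 1. Compute the sourceAnchor of the NEW on-prem object.
#    Azure AD Connect uses ms-DS-ConsistencyGuid when it is populated (it copies
#    objectGUID into it on first sync); on a freshly created object it is empty,
#    so objectGUID is the anchor. Either way the anchor is the raw GUID bytes in base64.
$adUser = Get-ADUser -Filter "userPrincipalName -eq '$UserPrincipalName'" `
                     -Properties objectGUID, 'mS-DS-ConsistencyGuid'
if (-not $adUser) { throw "No on-prem user with UPN $UserPrincipalName" }

$anchorBytes = if ($adUser.'mS-DS-ConsistencyGuid') {
    [byte[]]$adUser.'mS-DS-ConsistencyGuid'
} else {
    $adUser.ObjectGUID.ToByteArray()
}
$newImmutableId = [System.Convert]::ToBase64String($anchorBytes)
Write-Host "On-prem sourceAnchor for new object: $newImmutableId"

# 2. If the cloud object is still soft-deleted (30-day recycle bin), restore it.
#    Restoring a sync-deleted object brings it back as a cloud-managed object,
#    which is what lets ImmutableId be changed in step 4.
$deleted = Get-MsolUser -UserPrincipalName $UserPrincipalName -ReturnDeletedUsers `
                        -ErrorAction SilentlyContinue
if ($deleted) {
    Write-Host "Restoring soft-deleted cloud object $($deleted.ObjectId)"
    Restore-MsolUser -UserPrincipalName $UserPrincipalName
}

# 3. Compare anchors. The restored object still carries the OLD objectGUID of the
#    deleted on-prem account, so the sync engine sees two different identities.
$cloudUser = Get-MsolUser -UserPrincipalName $UserPrincipalName
if ($cloudUser.ImmutableId -eq $newImmutableId) {
    Write-Host "ImmutableId already matches the new on-prem object; nothing to do."
    return
}
Write-Host "Cloud ImmutableId: '$($cloudUser.ImmutableId)'  ->  '$newImmutableId'"

# 4. Overwrite ImmutableId so the next sync cycle hard-matches on sourceAnchor.
#    This fails with a "Unable to update parameter" error if the object is still
#    DirSync-managed; in that case take the on-prem object out of the sync scope,
#    let a sync cycle soft-delete it, restore it, and run this script again.
try {
    Set-MsolUser -UserPrincipalName $UserPrincipalName -ImmutableId $newImmutableId -ErrorAction Stop
} catch {
    throw "Could not set ImmutableId (is the cloud object still DirSync-managed?): $_"
}

# 5. Trigger a delta sync so the match takes effect now rather than at the next
#    scheduled cycle, then verify the cloud object reports the new anchor.
if (Get-Command Start-ADSyncSyncCycle -ErrorAction SilentlyContinue) {
    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
}
$after = Get-MsolUser -UserPrincipalName $UserPrincipalName
if ($after.ImmutableId -ne $newImmutableId) {
    throw "ImmutableId did not stick; check the Azure AD Connect sync errors for $UserPrincipalName"
}
Write-Host "Hard match set: $UserPrincipalName now anchored to the new on-prem object."
```

Two practical notes. First, check the anchor before touching anything: if your Connect installation uses ms-DS-ConsistencyGuid as sourceAnchor and the old on-prem object had it populated, the value on the cloud object will be that GUID, and a new on-prem object will only ever match after its own anchor is written to the cloud, which is what step 4 does. Second, MSOnline is being retired; the same two operations in Microsoft Graph PowerShell are `Restore-MgDirectoryDeletedItem -DirectoryObjectId <id>` and `Update-MgUser -UserId $UserPrincipalName -OnPremisesImmutableId $newImmutableId`, with the same requirement that the object not be DirSync-managed at the moment you change the anchor.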