25,230 questions
Matching guest users against and on-premises object is not a supported scenario afaik.
Question about merging on-premise AD and Azure AD account
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 60%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHG%3C/text%3E%3C/svg%3E)
HK G
516
Reputation points
I have a user who have both on-premise and azure ad accounts (guest user in Azure). I would like to merge those 2 accounts as both accounts have the same proxy email address and that caused conflict with AD connect sync.
The azure guest account already have resource assigned to it, e.g. O365 group for sharepoint site and etc. If I assign the same immutableid to the on premise ad account, how would that affect the access to the assigned resource? After the merging, the user will be using the on-premise ad account to login. Would that account be able to access the resource that was assigned to the deleted guest account? Do I have to do any adjustment if the access remain the same after the merging?
Thanks
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Accepted answer
-
Vasil Michev 119.9K Reputation points MVP Volunteer Moderator2022-05-07T10:58:01.403+00:00
1 additional answer
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 28.999999999999996%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELS%3C/text%3E%3C/svg%3E)
Lawrie Scott 1 Reputation point2022-05-07T11:05:51.67+00:00 Is the on premise account also a guest account, if so this cannot work, or a different type of account. If that is the case you should be able to assign those resources to the on-prem account and remove the Azure AD guest account. Then AD Connect will sync the on-prem account to the Azure AD account. I stand corrected but this seems like it would work.