How to do Hard Match - Part 2?
In my previous post I wrote about how we can hard match on-premises objects to the corresponding objects in the cloud through Dirsync.
In this post we will look at a simple way to generate the Immutable ID that we used in the Hard Match process.
Connect to the machine where AD is installed. Open a command prompt with administrator credentials and run the command below:
ldifde -f export.txt -r "(Userprincipalname=*)" -l "objectGuid, userPrincipalName"
This command produces an output file, export.txt, that lists the user principal name and objectGUID (the value used as the Immutable ID) of every object that has a UPN.
The output looks like this for each object:
----------------------------------------------------
dn: CN=2013 OU=DirSynced OU DC=prakum DC=msftonlinerepro DC=com
changetype: add
objectGUID:: g8Pclm4vok+vFWtMERklmg==
userPrincipalName: 2013@prakum.msftonlinerepro.com
----------------------------------------------------
For whichever object we want to hard match, we just search the above text file for its UPN and note down the corresponding objectGUID.
We can then use that objectGUID in the command below to set the Immutable ID of the object in the cloud:
Set-MsolUser -UserPrincipalName User@domain.com -ImmutableId g8Pclm4vok+vFWtMERklmg==
Here User@domain.com is the UPN of the cloud user that we want the on-premises user to sync to.
Run Dirsync
Now force a Dirsync to connect the users.
Note: Due to replication delays between on-premises and the cloud, we might have to wait for some time and force Dirsync a couple of times.
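The lookup step above (find the UPN in export.txt, note its objectGUID) can be scripted. The following is an added example, not code from the original post: ConvertFrom-LdifExport is a hypothetical helper name, and the sample input is constructed from the entry shown above. It prints the Set-MsolUser command for review instead of running it, and only when exactly one on-premises object matches the UPN.

```powershell
# Added example: turn ldifde output (objectGUID + userPrincipalName) into
# UPN / GUID / ImmutableId records. ConvertFrom-LdifExport is a hypothetical name.
function ConvertFrom-LdifExport {
    param([string[]]$Lines)
    # LDIF folds long values: a line starting with one space continues the previous line.
    $unfolded = New-Object 'System.Collections.Generic.List[string]'
    foreach ($line in $Lines) {
        if ($line.StartsWith(' ') -and $unfolded.Count -gt 0) {
            $unfolded[$unfolded.Count - 1] += $line.Substring(1)
        } else { $unfolded.Add($line) }
    }
    $unfolded.Add('')   # trailing blank line flushes the last entry
    $entry = @{}
    foreach ($line in $unfolded) {
        if ($line -match '^(?<name>[^:\s]+)(?<sep>::?)\s*(?<value>.*)$') {
            $name, $sep, $value = $Matches.name, $Matches.sep, $Matches.value
            # "::" marks a base64 value; objectGUID stays base64, text attributes are decoded.
            if ($sep -eq '::' -and $name -ne 'objectGUID') {
                $value = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($value))
            }
            $entry[$name] = $value
        } elseif ($line.Trim() -eq '' -and $entry.Count -gt 0) {
            if ($entry.objectGUID -and $entry.userPrincipalName) {
                $bytes = [Convert]::FromBase64String($entry.objectGUID)
                if ($bytes.Length -eq 16) {   # a GUID is exactly 16 bytes
                    [pscustomobject]@{
                        UserPrincipalName = $entry.userPrincipalName
                        ObjectGuid        = New-Object Guid (,$bytes)
                        ImmutableId       = $entry.objectGUID
                    }
                } else { Write-Warning "Skipping $($entry.dn): objectGUID is not 16 bytes" }
            }
            $entry = @{}
        }
    }
}

# Constructed sample input: the single entry shown in the post.
$sample = @(
    'dn: CN=2013,OU=DirSynced OU,DC=prakum,DC=msftonlinerepro,DC=com'
    'changetype: add'
    'objectGUID:: g8Pclm4vok+vFWtMERklmg=='
    'userPrincipalName: 2013@prakum.msftonlinerepro.com'
)
$users  = ConvertFrom-LdifExport -Lines $sample   # real use: -Lines (Get-Content .\export.txt)
$target = @($users | Where-Object { $_.UserPrincipalName -eq '2013@prakum.msftonlinerepro.com' })
if ($target.Count -ne 1) { throw "Expected exactly one on-premises object for that UPN, found $($target.Count)" }
# Print the command for review; User@domain.com is the cloud UPN placeholder used in the post.
"Set-MsolUser -UserPrincipalName User@domain.com -ImmutableId $($target[0].ImmutableId)"
```

The ObjectGuid column lets you compare the decoded GUID against the on-premises object before any Immutable ID is written to the cloud account.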
Comments
- Anonymous
August 10, 2014
There are 2 types of matching we do during Dirsync
Soft Match
Hard Match
In this post
- Anonymous
May 17, 2015
Hi Praveen. Are you MSFT? I am trying to find you GAL but can find you.
- Anonymous
November 12, 2016
Hello Hiten, My email is prakum@microsoft.com. IM me if you feel I can help you with something. My personal email address is praveenkumare_sp@hotmail.com. Regards, Praveen Kumar
- Anonymous
June 11, 2015
I have a user where the immutable IDs match, however, I cannot get Dirsync to process this user.
The user still has a status of 'In cloud' rather than 'Synced with Active Directory'
$guid = (get-Aduser myuser).ObjectGuid
$immutableID = [System.Convert]::ToBase64String($guid.tobytearray())
Write-Host $immutableID
Get-MsolUser -UserPrincipalName "myuserUPN" | select ImmutableId, LastDirSyncTime
1KkfphGVXkGObMYSonmlOw==
ImmutableId LastDirSyncTime
----------- ---------------
1KkfphGVXkGObMYSonmlOw==
How do I get the sync process to work for this user?
Greg Farquhar
- Anonymous
July 20, 2015
Same issue for me as Greg - been trying to solve with both soft and hard match with Microsoft O365 support now for about 3 weeks - any more help would be appreciated!
- Anonymous
August 24, 2015
Same thing here. Anyone ever find a solution for this?
- Anonymous
August 26, 2015
Hello, How do you get this to work for all users? What would be the command to do this?