We help IT Professionals succeed at work.

Office365 - change ADSync domain

Jakob Digranes
on
154 Views
Last Modified: 2017-08-18
Hi
I've got this working before - but not quite like this. Done this:
* migrated from old.domain to new.domain on-premise
* disabled dirsync in office365.tenant
* stoppet dirsync on old.domain
* installed dirsync in new.domain

But - in Office365 user have this UserPrincipalName:
username@old.domain and ImmutableID: 1234abcd

in new.domain ObjectGUID is not migrated and username is username@new.domain

How can we match users in new.domain on-prem with Office365? any experiences?
* we've looked into changing source anchor. Pros and cons?
* anyway to matchin without changing immutableID?
* if we change immutable ID - what consequences? only service in office365 is sharepoint
Comment
Watch Question

IT Training Specialist
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
CERTIFIED EXPERT
Most Valuable Expert 2015
Distinguished Expert 2019
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
Jakob DigranesSenior advisor
CERTIFIED EXPERT

Author

Commented:
Hi Adam .... yeah - we thought of that as one solution; but as I asked. What are the consequences in Office365 when changing immutable ID. Read somewhere that file permissions in OneDrive is locked towards ImmutableID
Adam DrayerIT Training Specialist

Commented:
Jakob,

I have never heard of that. I can see it being the ObjectID in Azure. But that's a different attribute.  That attribute is the unique ID for the Azure user, similar to the ObjectGUID on-prem.  The ImmutableID is is just for linking identities.  As far as I am aware the only consequence of changing or removing the ImmutableID would be that the Office 365 user is no longer linked to the on-premise account.  But if there is concern, you should test it on a few users first.