Office365 - change ADSync domain
Hi
I've got this working before - but not quite like this. Done this:
* migrated from old.domain to new.domain on-premise
* disabled dirsync in office365.tenant
* stoppet dirsync on old.domain
* installed dirsync in new.domain
But - in Office365 user have this UserPrincipalName:
username@old.domain and ImmutableID: 1234abcd
in new.domain ObjectGUID is not migrated and username is username@new.domain
How can we match users in new.domain on-prem with Office365? any experiences?
* we've looked into changing source anchor. Pros and cons?
* anyway to matchin without changing immutableID?
* if we change immutable ID - what consequences? only service in office365 is sharepoint
I've got this working before - but not quite like this. Done this:
* migrated from old.domain to new.domain on-premise
* disabled dirsync in office365.tenant
* stoppet dirsync on old.domain
* installed dirsync in new.domain
But - in Office365 user have this UserPrincipalName:
username@old.domain and ImmutableID: 1234abcd
in new.domain ObjectGUID is not migrated and username is username@new.domain
How can we match users in new.domain on-prem with Office365? any experiences?
* we've looked into changing source anchor. Pros and cons?
* anyway to matchin without changing immutableID?
* if we change immutable ID - what consequences? only service in office365 is sharepoint
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
The ImmutableID is only used for referencing the on-prem account. You will have to remove it if you want to link the Office 365 user to a new AD account.
You can remove the Immutable ID and then perform a sync, but the on-prem accounts and Office 365 accounts must have either the same primary mail address, or the same UPN/Login. So you will need to have the new domain added to the tenant, add new smtp address for all the users in Office, set the new ones to the Primary SMTP, and make sure the on-prem account also has the new domain listed as the primary smtp in the ProxyAddresses attributes. Here is a YouTube video on the subject:
https://www.youtube.com/watch?v=8m00k3AU-HA
You can remove the Immutable ID and then perform a sync, but the on-prem accounts and Office 365 accounts must have either the same primary mail address, or the same UPN/Login. So you will need to have the new domain added to the tenant, add new smtp address for all the users in Office, set the new ones to the Primary SMTP, and make sure the on-prem account also has the new domain listed as the primary smtp in the ProxyAddresses attributes. Here is a YouTube video on the subject:
https://www.youtube.com/watch?v=8m00k3AU-HA
You can match the Immutable IDs, the so-called "hard match": http://blogs.technet.com/b/praveenkumar/archive/2014/04/12/how-to-do-hard-match-in-dirsync.aspx
In order to use soft-match, you have to clear the ImmutableID, so either way you are changing it.
In order to use soft-match, you have to clear the ImmutableID, so either way you are changing it.
Hi Adam .... yeah - we thought of that as one solution; but as I asked. What are the consequences in Office365 when changing immutable ID. Read somewhere that file permissions in OneDrive is locked towards ImmutableID
Jakob,
I have never heard of that. I can see it being the ObjectID in Azure. But that's a different attribute. That attribute is the unique ID for the Azure user, similar to the ObjectGUID on-prem. The ImmutableID is is just for linking identities. As far as I am aware the only consequence of changing or removing the ImmutableID would be that the Office 365 user is no longer linked to the on-premise account. But if there is concern, you should test it on a few users first.
I have never heard of that. I can see it being the ObjectID in Azure. But that's a different attribute. That attribute is the unique ID for the Azure user, similar to the ObjectGUID on-prem. The ImmutableID is is just for linking identities. As far as I am aware the only consequence of changing or removing the ImmutableID would be that the Office 365 user is no longer linked to the on-premise account. But if there is concern, you should test it on a few users first.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial