Office365 - change ADSync domain

Hi
I've got this working before - but not quite like this. Done this:
* migrated from old.domain to new.domain on-premise
* disabled dirsync in office365.tenant
* stoppet dirsync on old.domain
* installed dirsync in new.domain

But - in Office365 user have this UserPrincipalName:
username@old.domain and ImmutableID: 1234abcd

in new.domain ObjectGUID is not migrated and username is username@new.domain

How can we match users in new.domain on-prem with Office365? any experiences?
* we've looked into changing source anchor. Pros and cons?
* anyway to matchin without changing immutableID?
* if we change immutable ID - what consequences? only service in office365 is sharepoint
LVL 23
Jakob DigranesSenior ConsultantAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Adam DrayerIT Training SpecialistCommented:
The ImmutableID is only used for referencing the on-prem account.  You will have to remove it if you want to link the Office 365 user to a new AD account.

You can remove the Immutable ID and then perform a sync, but the on-prem accounts and Office 365 accounts must have either the same primary mail address, or the same UPN/Login.  So you will need to have the new domain added to the tenant, add new smtp address for all the users in Office, set the new ones to the Primary SMTP, and make sure the on-prem account also has the new domain listed as the primary smtp in the ProxyAddresses attributes.  Here is a YouTube video on the subject:
https://www.youtube.com/watch?v=8m00k3AU-HA
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Vasil Michev (MVP)Commented:
You can match the Immutable IDs, the so-called "hard match": http://blogs.technet.com/b/praveenkumar/archive/2014/04/12/how-to-do-hard-match-in-dirsync.aspx

In order to use soft-match, you have to clear the ImmutableID, so either way you are changing it.
0
Jakob DigranesSenior ConsultantAuthor Commented:
Hi Adam .... yeah - we thought of that as one solution; but as I asked. What are the consequences in Office365 when changing immutable ID. Read somewhere that file permissions in OneDrive is locked towards ImmutableID
0
Adam DrayerIT Training SpecialistCommented:
Jakob,

I have never heard of that. I can see it being the ObjectID in Azure. But that's a different attribute.  That attribute is the unique ID for the Azure user, similar to the ObjectGUID on-prem.  The ImmutableID is is just for linking identities.  As far as I am aware the only consequence of changing or removing the ImmutableID would be that the Office 365 user is no longer linked to the on-premise account.  But if there is concern, you should test it on a few users first.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Office 365

From novice to tech pro — start learning today.