Skip to main content
  1. Posts/

Update User Guid to Match Existing User in Microsoft 365 Azure Ad

·352 words·2 mins·
Administration guide notes microsoft wiki azure
May Meow
Author
May Meow
MayMeow is a developer and cybersecurity enthusiast with a passion for cryptography, DevSecOps, and open-source contributions. They enjoy creating tools that strengthen digital security, blending creativity and technology to innovate in fields like PHP and .NET. Always exploring new frontiers in tech, MayMeow is dedicated to safeguarding the digital landscape through their work.
Table of Contents

Let’s see what to do when azure ADSync synchronize you on Premise AD user to azure to @domain.onmicrosoft.com. In most cases it was done when i have already existing user username@mydomain.tld. Fortunately this is fixable problem. So what to do?

First of all you will need to find ObjectGUID of users which you want update. This can be retrieved form you local AD. But not that one you can find in MMC if you check users atribute. This format is not accepted with Azure AD, so there is another way to obtain it. We use tool called LDIFDE.

This tool can export/inport data from/to Active Directory. You can find more about it here https://support.microsoft.com/en-us/help/555636.

So let’s export users data to txt file by following command

Getting ObectGuid
#

ldifde -d DistinguishedName of the user -f c:\temp\exporteduser.txt
# output
uSNChanged: 129668
name: Emma Wolf
objectGUID:: WhJMX8r25UigMnvHO/u3Ew==
userAccountControl: 512
badPwdCount: 0

So and this is right format which we will need to set up to account in Azure AD in case of sinchronization. But first you will need remove existing account.

Updating our Azure AD user
#

You will need to connect to office 365 via Powershell. So if you dont have MSOnline extension install it

Install-Module MSOnline

Connect to Your Office 365

Connect-MsolService 

Update Guid to your existing user

set-msoluser -userprincipalname emma@yourdomain.com -ImmutableID xxx

If there exists user which already using this id you will getting error on output so at first you will need remove existing user with this id.

Stop synchronization betweehn AD and Azure AD (by opening azure AD configuration)

To get existing user use:

 Get-MsolUser -All | Where-Object {$_.ImmutableID -eq "WhJMX8r25UigMnvHO/u3Ew=="}

If user was deleted is perhaps in recycle Bin and is not returned in output so use following command to show it

Get-MsolUser -All -ReturnDeletedUsers | Where-Object {$_.ImmutableID -eq “WhJMX8r25UigMnvHO/u3Ew==}

This command give you same result but for deleted users.

OK. Now remove this user

Remove-MsolUser -UserPrincipalName "emma@domain.onmicrosoft.com" -Force

and remove him from recycle bin

Remove-MsolUser -UserPrincipalName "emma@domain.onmicrosoft.com" -RemoveFromRecycleBin

Thats all. Now close ADSync config screen and wait until synchronization si conplete or in powershell run ` Start-ADSyncSyncCycle'.

Reply by Email

Related

Deploy Your Site to Azure with GitLab
·714 words·4 mins
tutorials azure gitlab hugo
Initial Server Setup on Cloud Services
·398 words·2 mins
Administration Fundamentals linux ubunutu tutorial
Settig Up SSH Keys for Ubuntu
·681 words·4 mins
linux ubuntu security tutorials