Search AD object with specific ms-DS-ConsistencyGUID

July 31, 2020 | by iaur | posted as Active Directory, Azure AD

Scenario: There are two MSOL users, both synced from AD, and we want to see whether they can be merged.

You don't really have to merge them, and there is no real way to do that anyway. Both MSOL users are synced with AD, so the question is which one to retain, and obviously it would be the licensed account.

For this, you just need to find the AD object that corresponds to the unlicensed MSOL user and move it out of the syncing OU. This deletes it from O365, so it will no longer show in the Admin center's active users.

On O365 PowerShell

Get-MSOLuser -UserPrincipalName user@domain.onmicrosoft.com | fl name,immutableID

# run this to find the immutableID of the unlicensed user

Take note of the immutable ID.

In local AD PowerShell, the commands below search for the AD object that matches the immutableID value:

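# Decode the Base64 ImmutableID into its raw bytes
$string = [System.Convert]::FromBase64String("ENTER_IMMUTABLE_ID_HERE")
# Hex-encode each byte, zero-padded to two digits
$hex = -join ($string | % { $_.ToString("X").PadLeft(2, "0") })
# Prefix every byte with a backslash, the escaped binary form LDAP filters expect
$search = $hex -replace '(..)', '\$1'
$adUser = Get-AdUser -LDAPFilter "(ms-ds-consistencyguid=$search)"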

Once you've retrieved it, all you need to do is locate the OU where the object is, move it to an OU that is not synced with O365, then perform an AD sync.
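The lookup above, wrapped as an added example (not code from the original post): it validates the ImmutableID before querying and reports the parent OU of the match. It goes beyond the post by also trying objectGUID, which covers setups where the sync source anchor is objectGUID rather than ms-DS-ConsistencyGuid. The function names, the sample value and the target OU are assumptions.

```powershell
# Added example. Function names, sample value and target OU are assumptions.
# Get-ADUser and Move-ADObject come from the ActiveDirectory (RSAT) module.

function ConvertTo-LdapBinaryFilterValue {
    param([Parameter(Mandatory)][string]$ImmutableId)
    try { $bytes = [Convert]::FromBase64String($ImmutableId.Trim()) }
    catch { throw "ImmutableID is not valid Base64: '$ImmutableId'" }
    # A GUID-based source anchor is exactly 16 bytes; anything else is a
    # custom anchor or a truncated copy/paste.
    if ($bytes.Length -ne 16) { throw "Expected 16 bytes, got $($bytes.Length)." }
    # LDAP filters take binary values as one \XX escape per byte.
    -join ($bytes | ForEach-Object { '\{0:X2}' -f $_ })
}

function Find-AdUserByImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    $value = ConvertTo-LdapBinaryFilterValue -ImmutableId $ImmutableId
    # Try the consistency GUID first, then fall back to objectGUID.
    foreach ($attr in 'ms-DS-ConsistencyGuid', 'objectGUID') {
        $found = @(Get-ADUser -LDAPFilter "($attr=$value)" -Properties $attr)
        if ($found.Count -gt 1) {
            throw "$($found.Count) objects match $attr; resolve manually."
        }
        if ($found.Count -eq 1) {
            $user = $found[0]
            # Parent container = DN minus its first RDN (escaped commas kept intact).
            $parent = $user.DistinguishedName -replace '^(?:[^,\\]|\\.)+,', ''
            Write-Host "Matched on $attr in: $parent"
            return $user
        }
    }
    Write-Warning 'No AD user matches this ImmutableID on either attribute.'
}

# Constructed sample (16 zero bytes) to show the filter form without touching AD:
ConvertTo-LdapBinaryFilterValue 'AAAAAAAAAAAAAAAAAAAAAA=='

# Real use (the OU path is a placeholder); -WhatIf previews the move without making it:
# Find-AdUserByImmutableId 'ENTER_IMMUTABLE_ID_HERE' |
#     Move-ADObject -TargetPath 'OU=NotSynced,DC=example,DC=com' -WhatIf
```

Drop `-WhatIf` only after confirming the reported object is the unlicensed duplicate and not the licensed account.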

Sample:

[Screenshot: a PowerShell session running the commands above and returning the matching AD user, next to Active Directory Users and Computers showing the O365 Users OU.]

Ref:

https://stackoverflow.com/questions/50638354/how-to-return-user-with-specific-ms-ds-consistencyguid-based-on-filter-query