Announcement: Need a free practice exam or an interactive mocks material for a Microsoft certification? Click here to use the MS Forms I've created previously.
AAD Connect (DirSync) Soft-Matching
August 15, 2017 | by iaur | posted as Active Directory, Azure AD
Scenario
- You have an MSOL user to match with its Active Directory (AD) object
- Your alias changes in your AD is not occur in Admin Center
- You are having issue following DirSync soft matching found in Microsoft articles
Steps
AAD Connect (DirSync) Soft-Matching is another word for SMTP matching. In addition, it is a steps to match on-premises user accounts to Office 365 user accounts for AD sync
In this example, we will use the made up object below to apply AAD Connect (DirSync) Soft-Matching steps.
- dnunez@weeplaygames.xyz (Msol Cloud object)
- Donna.nunez@weeplaygames.xyz (On-prem AD object)
Firstly, you will have to enable AD Users and Computer (ADUC) advance feature.
- Go to your On-Prem AD > ADUC
- View Tab> Advance Features should be checked
- After that, locate to the target users account
- Right Click > Properties
After that, apply or confirm below details in the Account & Attribute Editor tab.
- Go to account tab
- After that, change user logon name to the cloud UPN
- Click on Attribute Editor
- After that, change the following
- Mail to dnunez@weeplaygames.xyz (Cloud)
- userPrincipalName to dnunez@weeplaygames.xyz (Cloud)
- proxyAddress to SMTP:dnunez@weeplaygames.xyz (Cloud)
- Target address to dnunez@weeplaygames.xyz (Cloud)
- Note: SMTP is the primary
Lastly, you will have to confirm the changes and force an Azure AD (AAD) connect sync.
- Click OK and Apply
- After that, run Delta Sync
- On your AD server
- Open a PowerShell session
- Type in: Start-ADSyncSyncCycle -Policytype Delta
- Check Synchronization Service > Exported (onmicrosoft.com) > Updates
- Lastly, ensure that 0 minute is showing as last sync time. On admin center > Home > DirSync Status card
Still not matching? Try doing a Hard-Matching.