AAD Connect (DirSync) Soft-Matching

August 15, 2017 | by iaur | posted as Active Directory, Azure AD

Scenario

• You have an MSOL user to match with its Active Directory (AD) object
• Your alias changes in your AD is not occur in Admin Center
• You are having issue following DirSync soft matching found in Microsoft articles

Steps

AAD Connect (DirSync) Soft-Matching is another word for SMTP matching. In addition, it is a steps to match on-premises user accounts to Office 365 user accounts for AD sync

In this example, we will use the made up object below to apply AAD Connect (DirSync) Soft-Matching steps.

• dnunez@weeplaygames.xyz (Msol Cloud object)
• Donna.nunez@weeplaygames.xyz (On-prem AD object)

Firstly, you will have to enable AD Users and Computer (ADUC) advance feature.

1. Go to your On-Prem AD > ADUC
2. View Tab> Advance Features should be checked
3. After that, locate to the target users account
4. Right Click > Properties

After that, apply or confirm below details in the Account & Attribute Editor tab.

1. Go to account tab
2. After that, change user logon name to the cloud UPN
3. Click on Attribute Editor
4. After that, change the following
   • Mail to dnunez@weeplaygames.xyz (Cloud)
   • userPrincipalName to  dnunez@weeplaygames.xyz (Cloud)
   • proxyAddress to SMTP:dnunez@weeplaygames.xyz (Cloud)
   • Target address to dnunez@weeplaygames.xyz (Cloud)
     • Note: SMTP is the primary

Lastly, you will have to confirm the changes and force an Azure AD (AAD) connect sync.

1. Click OK and Apply
2. After that, run Delta Sync
   • On your AD server
   • Open a PowerShell session
   • Type in: Start-ADSyncSyncCycle -Policytype Delta
3. Check Synchronization Service > Exported (onmicrosoft.com) > Updates
4. Lastly, ensure that 0 minute is showing as last sync time. On admin center > Home > DirSync Status card

Still not matching? Try doing a Hard-Matching.

Reference

• support.microsoft.com