DirSync Soft Matching

August 15, 2017 | by iaur | posted as Active Directory, Azure AD

Scenario

  • You have an MSOL user to match with its Active Directory (AD) object
  • Alias changes made in your AD do not appear in the Admin Center
  • You are having issues following the DirSync soft-matching steps found in Microsoft documentation

Steps

Soft-matching is another word for SMTP matching. It is a method of matching on-premises user accounts to Office 365 user accounts for directory synchronization.

In this example, we will use the made-up objects below to apply the DirSync soft-matching method.

  • dnunez@weeplaygames.xyz (Msol Cloud object)
  • Donna.nunez@weeplaygames.xyz (On-prem AD object)

Firstly, you will have to enable the Advanced Features view in Active Directory Users and Computers (ADUC).

  1. Access your on-prem Active Directory > ADUC
  2. View > Advanced Features should be checked
  3. Navigate to the impacted user's account
  4. Right-click > Properties

After that, apply or confirm the details below in the Account and Attribute Editor tabs.

  1. Go to the Account tab > Change the user logon name to the cloud UPN
  2. Click on Attribute Editor > Change the following
    • mail to dnunez@weeplaygames.xyz (Cloud)
    • userPrincipalName to dnunez@weeplaygames.xyz (Cloud)
    • proxyAddresses to SMTP:dnunez@weeplaygames.xyz (Cloud)
    • targetAddress to dnunez@weeplaygames.xyz (Cloud)
      • Note: uppercase SMTP: marks the primary address

Lastly, you will have to confirm the changes and force an AD Connect synchronization.

  1. Click OK and Apply
  2. Run a Delta Sync
    • On your Active Directory server
    • Open a PowerShell session
    • Type in: Start-ADSyncSyncCycle -PolicyType Delta
  3. Check Synchronization Service > Exported (onmicrosoft.com) > Updates
  4. On Admin Center > Home > DirSync Status card, ensure that 0 minutes is showing as the last sync time
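
The same attribute changes can be scripted with a few safety checks before the sync. The script below is an added example, not part of the original post. It assumes the ActiveDirectory and MSOnline modules are installed, that Connect-MsolService has already been run, and that the on-prem sAMAccountName is Donna.nunez. It also keeps the user's existing addresses as secondary entries, which goes beyond the manual steps above.

```powershell
# Added example: sample values come from the post; $SamName is an assumption.
Import-Module ActiveDirectory
$CloudUpn = 'dnunez@weeplaygames.xyz'   # cloud (MSOL) object
$SamName  = 'Donna.nunez'               # assumed sAMAccountName of the on-prem object

# 1. Soft matching only applies to a cloud object that is not yet bound to AD.
$cloud = Get-MsolUser -UserPrincipalName $CloudUpn -ErrorAction Stop
if ($cloud.ImmutableId) {
    throw "$CloudUpn already has an ImmutableId; it is already bound to a directory object."
}

# 2. The address must not sit on any other AD user, or the export will report a conflict.
#    LDAP matching on proxyAddresses is case-insensitive, so SMTP: and smtp: both match.
$primary = "SMTP:$CloudUpn"
$holders = @(Get-ADUser -LDAPFilter "(proxyAddresses=$primary)" |
    Where-Object { $_.SamAccountName -ne $SamName })
if ($holders.Count -gt 0) {
    throw "Address already assigned to: $($holders.SamAccountName -join ', ')"
}

# 3. Build proxyAddresses: cloud address as primary (uppercase SMTP:),
#    any previous primary demoted to secondary (lowercase smtp:).
$user = Get-ADUser -Identity $SamName -Properties mail, proxyAddresses, targetAddress
$secondary = @(
    @($user.proxyAddresses) |
        Where-Object { $_ -and $_ -notlike "smtp:$CloudUpn" } |
        ForEach-Object { $_ -creplace '^SMTP:', 'smtp:' }
)
$newProxies = @($primary) + $secondary

# 4. Preview the change. Remove -WhatIf once the output looks right.
Set-ADUser -Identity $SamName -UserPrincipalName $CloudUpn -EmailAddress $CloudUpn `
    -Replace @{ proxyAddresses = [string[]]$newProxies; targetAddress = $CloudUpn } `
    -WhatIf

# 5. After the real change, run on the AD Connect server:
# Start-ADSyncSyncCycle -PolicyType Delta
```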

Still not matching? Try doing a Hard-Matching.
