Hard-Matching

September 14, 2017 | by iaur | posted as Active Directory, Azure AD

  • Remove or move the AD user out of the synced OU
  • Go to the Admin Portal and restore the deleted user so that it shows under active users as an In-Cloud user
  • Run the following commands in a regular PowerShell session on your AD
Import-Module ActiveDirectory
Import AD Module
Get-ADUser -Identity "UserName"
Check if the user is identifiable
$guid = (Get-ADUser UserName).ObjectGuid
Convert and encapsulate the ObjectGuid to an ImmutableID
$immutableID = [System.Convert]::ToBase64String($guid.ToByteArray())
  • Connect to O365 Online
Connect-MSOLService
Set-MSOLuser -UserPrincipalName clouduserUPN -ImmutableID $immutableID
  • Move the affected AD users back from the OU “NotSynced” to a synced OU
    1. Open Active Directory Users and Computers
    2. Move the users from NotSynced to a synced OU
    3. Run a delta sync in Windows PowerShell (or Azure AD PowerShell)
Start-ADSyncSyncCycle -PolicyType Delta
  • Verify in the Office 365 Admin Portal that the duplicates are gone and the users appear in the format:

user@domain.com (synced with AD)
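
Added example, not part of the original post: a PowerShell check that converts an ObjectGUID to an ImmutableID and back, so the value set with Set-MSOLuser can be compared against the on-premises account before the delta sync. The function names and the sample GUIDs are constructed for illustration.

```powershell
# Added example; the GUID and ImmutableID values below are constructed sample data.
function ConvertTo-ImmutableId {
    param([Parameter(Mandatory = $true)][guid]$ObjectGuid)
    # Same conversion as in the steps above: Base64 of the GUID's 16 raw bytes.
    [System.Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory = $true)][string]$ImmutableId)
    $bytes = [System.Convert]::FromBase64String($ImmutableId)
    if ($bytes.Length -ne 16) {
        throw "ImmutableID decodes to $($bytes.Length) bytes; an ObjectGUID is 16."
    }
    # ToByteArray() stores the first three GUID fields little-endian, so a plain
    # Base64-to-hex dump shows those fields byte-swapped. The Guid(byte[])
    # constructor undoes that ordering.
    New-Object -TypeName System.Guid -ArgumentList (, $bytes)
}

function Test-HardMatch {
    param(
        [Parameter(Mandatory = $true)][guid]$ObjectGuid,
        [Parameter(Mandatory = $true)][string]$ImmutableId
    )
    try { (ConvertFrom-ImmutableId -ImmutableId $ImmutableId) -eq $ObjectGuid }
    catch { $false }   # malformed Base64 or wrong length is treated as no match
}

# Constructed sample: stands in for (Get-ADUser UserName).ObjectGuid
$guid = [guid]'00112233-4455-6677-8899-aabbccddeeff'
$immutableID = ConvertTo-ImmutableId -ObjectGuid $guid
$rawHex = [System.BitConverter]::ToString($guid.ToByteArray())

"ImmutableID : $immutableID"
"Raw bytes   : $rawHex"
"Round trip  : $(ConvertFrom-ImmutableId -ImmutableId $immutableID)"
"Same user   : $(Test-HardMatch -ObjectGuid $guid -ImmutableId $immutableID)"
# A different (constructed) GUID must not match the ImmutableID computed above
$other = [guid]'ffeeddcc-bbaa-9988-7766-554433221100'
"Other user  : $(Test-HardMatch -ObjectGuid $other -ImmutableId $immutableID)"
"Malformed   : $(Test-HardMatch -ObjectGuid $guid -ImmutableId 'not-base64')"
```

Against live directories, pass (Get-ADUser UserName).ObjectGuid and the ImmutableId property returned by Get-MsolUser -UserPrincipalName for the cloud account.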


Hard Match:

https://docs.microsoft.com/en-us/office365/troubleshoot/active-directory/duplicate-attributes-prevent-dirsync#method-2-map-an-existing-on-premises-user-to-an-azure-ad-user

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-design-concepts

https://docs.microsoft.com/en-us/archive/blogs/praveenkumar/how-to-do-hard-match-in-dirsync

https://docs.microsoft.com/en-us/archive/blogs/praveenkumar/how-to-do-hard-match-part-2

https://cryptii.com/pipes/base64-to-hex