Announcement: Need a free practice exam or an interactive mocks material for a Microsoft certification? Click here to use the MS Forms I've created previously.
July 31, 2020 | by iaur | posted as Active Directory, Azure AD
Do a ConsistencyGUID search of a specific AD object.
Firstly, you don’t have to really merge these and there’s no way to really do that. Both MSOL user are synced with AD consequently, the question is who is to retain and obviously it would be the licensed account.
That is to say, you just need to find the equivalent AD object of the unlicensed MSOL user by doing a ConsistencyGUID (mS-DS-ConsistencyGUID) search and move it away from the syncing OU. Therefore, will delete it from O365 and will no show showing in the Admin center under active user.
# user@domain.onmicrosoft.com is the unlicensed user
Get-MSOLuser -UserPrincipalName user@domain.onmicrosoft.com | fl name,immutableID
# ENTER_IMMUTABLE_ID_HERE is the ImmutableID from the previous steps
$string=[system.convert]::FromBase64String("ENTER_IMMUTABLE_ID_HERE")
$hex = -join ($string | %{$_.tostring("X").padleft(2,"0")})
$search = $hex -replace '(..)','\$1'
$adUser = Get-AdUser -LDAPFilter "(ms-ds-consistencyguid=$search)"
Screenshot: