Match OnPrem Active Directory users to existing Office365 Users
Entry posted by proximagr ·
1368 views
<p>Lets say you have an Office 365 account and cloud only users with mailboxes and now you decide that you want to sync it and match the Office 365 users with your Active Directory users.</p>
<p>I prepared a lab with one DC and I created a trial Office 365 E3 account with custom domain. I created users with the same username to both. At Active Directory I set the UPN to match the Office 365 user name and also added the email address.</p>
<p>Next I enabled directory synchronization from Office 365 and installed Azure AD Connect to DC2. After the initial sync i got this error:</p>
<p><em>Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [Mail [email protected];].</em></p>
<p>I realized that Office 365 could not map the users, it was trying to create new. So there must be an attribute that needs correction. The solution came form the following blog:</p>
<p>http://blogs.4ward.it/how-to-map-onprem-active-directory-users-to-existing-office365-users/</p>
<p>and specifically at the “manual match method” section:</p>
<p><em>In order to match the user with the cloud user you have to set the Immutable ID of onPremise Active Directory user’s ObjectGUID to the immutableID value of the Office365 user.</em><br /><em>To retrieve the ObjectGUID you can use the following command:</em></p>
<p><em>Ldifde –d “CN=xxx…,OU=xxx,DC=xxxx,DC=xx” –f c:tempexportuser1.txt</em></p>
<p><em>“CN=xxx…,OU=xxx,DC=xxxx,DC=xx” is the distinguished name of the user. You can use ADSIEdit or the AD Users & Computer (attribute editor) to find this value</em></p>
<p><em>In the Textfile exportuser1.txt look for the ObjectGUID. You will find a string like z2Xbu0xFTUapOeDqHRTN1A==</em></p>
<p><em>Then connect to Windows Azure Active Director and use the command</em></p>
<p><em>set-MsolUser -UserPrincipalName [email protected] -ImmutableId z2Xbu0xFTUapOeDqHRTN1A==</em></p>
<p>After that I just forced a delta sync “Start-ADSyncSyncCycle -PolicyType Delta” , the sync was successful and the users in Office 365 changed from “In Clout” to “Synced with Active Directory”</p>
<p> </p>
<p><a href="http://www.e-apostolidis.gr/wp-content/uploads/2016/07/How-to-Map-OnPrem-Active-Directory-users-to-existing-Office365-Users.pdf">Howto Map OnPrem Active Directory users to existing Office365 Users</a></p>
<p>source: http://blogs.4ward.it/how-to-map-onprem-active-directory-users-to-existing-office365-users/</p>
<p><a class="a2a_button_email" href="http://www.addtoany.com/add_to/email?linkurl=http%3A%2F%2Fwww.e-apostolidis.gr%2Fmicrosoft%2Foffice-365%2Fmatch-onprem-active-directory-users-existing-office365-users%2F&linkname=Match%20OnPrem%20Active%20Directory%20users%20to%20existing%20Office365%20Users"title="Email" rel="nofollow" target="_blank"><img src="http://www.e-apostolidis.gr/wp-content/plugins/add-to-any/icons/email.png" width="16" height="16" alt="Email"/></a><a class="a2a_button_print" href="http://www.addtoany.com/add_to/print?linkurl=http%3A%2F%2Fwww.e-apostolidis.gr%2Fmicrosoft%2Foffice-365%2Fmatch-onprem-active-directory-users-existing-office365-users%2F&linkname=Match%20OnPrem%20Active%20Directory%20users%20to%20existing%20Office365%20Users" title="Print" rel="nofollow" target="_blank"><img src="http://www.e-apostolidis.gr/wp-content/plugins/add-to-any/icons/print.png" width="16" height="16" alt="Print"/></a><a class="a2a_dd a2a_target addtoany_share_save" href="https://www.addtoany.com/share#url=http%3A%2F%2Fwww.e-apostolidis.gr%2Fmicrosoft%2Foffice-365%2Fmatch-onprem-active-directory-users-existing-office365-users%2F&title=Match%20OnPrem%20Active%20Directory%20users%20to%20existing%20Office365%20Users" id="wpa2a_6"><img src="http://www.e-apostolidis.gr/wp-content/plugins/add-to-any/share_save_171_16.png" width="171" height="16" alt="Share"/></a></p><p>The post <a rel="nofollow" href="http://www.e-apostolidis.gr/microsoft/office-365/match-onprem-active-directory-users-existing-office365-users/">Match OnPrem Active Directory users to existing Office365 Users</a> appeared first on <a rel="nofollow" href="http://www.e-apostolidis.gr">Proxima's IT Corner</a>.</p>
<a href="http://www.e-apostolidis.gr/microsoft/office-365/match-onprem-active-directory-users-existing-office365-users/"class='bbc_url' rel='nofollow external'>Source</a>
0 Comments
Recommended Comments
There are no comments to display.