If you set up Directory Synchronization from scratch (there are no users in O365 yet), Azure AD Connect is straightforward: on-premises objects (and password hashes, if you enabled that option) are synchronized to Azure AD, and you can then assign licenses and services to the synced user accounts.

The problem arises when users already exist in O365 and also in on-premises Active Directory, with no synchronization ever having run between the two.

In that case you need a mechanism that matches each on-premises account to its existing O365 account, so that the first sync updates the cloud user instead of creating a duplicate. There are two ways to create this match:

  1. Soft match (also known as SMTP matching): Azure AD Connect links an on-premises user to an existing cloud user when the primary SMTP address in proxyAddresses (and, where enabled, the userPrincipalName) is the same on both sides. It needs no preparation, but when the addresses differ the sync provisions a new cloud object instead of updating the existing one.
  2. Hard match (by ImmutableId): you set the cloud user's ImmutableId to the Base64 encoding of the on-premises user's sourceAnchor (objectGUID by default, or ms-DS-ConsistencyGuid on newer installations, which Azure AD Connect seeds from objectGUID, so the value is the same). The sync engine then links the two objects on that value regardless of e-mail addresses, which makes it the deterministic choice when UPNs or addresses do not line up.

In our environment we chose option 2, the hard match, and this is the script we used. It relies on the MSOnline module (Connect-MsolService, Set-MsolUser), which Microsoft has deprecated in favour of the Microsoft Graph PowerShell SDK, where Update-MgUser -OnPremisesImmutableId sets the same attribute:

# Requires the ActiveDirectory module (RSAT) and the MSOnline module. Run it
# before the user first comes into Azure AD Connect's sync scope, and only
# against a cloud user that is not already synchronized (ImmutableId empty).
Import-Module ActiveDirectory
Import-Module MSOnline

$credential = Get-Credential
Connect-MsolService -Credential $credential

$ADUser = "username"                        # sAMAccountName of the on-premises user
$365User = "username@emaildomainname.com"   # UserPrincipalName of the existing O365 user

# ImmutableId is the Base64 encoding of the 16-byte objectGUID (the default sourceAnchor)
$guid = (Get-ADUser -Identity $ADUser).ObjectGUID
$immutableID = [System.Convert]::ToBase64String($guid.ToByteArray())

Set-MsolUser -UserPrincipalName $365User -ImmutableId $immutableID
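The script above handles one user and sets the attribute unconditionally. The following is an added example, not part of the original post, that generalizes the hard match to a list of users and adds the checks a practitioner would want before touching production: it refuses cloud users that are already synchronized or already carry a different ImmutableId, prefers ms-DS-ConsistencyGuid when it is populated, and supports -WhatIf. It assumes the ActiveDirectory RSAT module and the Microsoft Graph PowerShell SDK (Microsoft.Graph.Users) are installed; Update-MgUser -OnPremisesImmutableId writes the same attribute the post sets with Set-MsolUser -ImmutableId. The function names and the matches.csv file layout are assumptions for this example.

```powershell
# Added example, not the original post's script. Assumes the ActiveDirectory
# RSAT module and Microsoft.Graph.Users are installed; matches.csv with the
# columns SamAccountName,CloudUpn is a constructed input for this example.
Import-Module ActiveDirectory
Import-Module Microsoft.Graph.Users

function ConvertTo-ImmutableId {
    # Base64 of the 16 GUID bytes; this is exactly the value Azure AD Connect
    # writes as sourceAnchor, so it must match byte for byte.
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    # Reverse conversion, used to report which GUID an existing ImmutableId encodes.
    param([Parameter(Mandatory)][string]$ImmutableId)
    [guid]::new([Convert]::FromBase64String($ImmutableId))
}

function Set-HardMatch {
    # Links one cloud user to one on-premises user, refusing to touch users that
    # are already synced or already carry a different ImmutableId.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$CloudUpn
    )
    $adUser = Get-ADUser -Identity $SamAccountName -Properties 'ms-DS-ConsistencyGuid'

    # Newer installs use ms-DS-ConsistencyGuid as sourceAnchor; Azure AD Connect
    # seeds it from objectGUID, so prefer it when it is already populated.
    $anchor = if ($adUser.'ms-DS-ConsistencyGuid') {
        [guid]::new([byte[]]$adUser.'ms-DS-ConsistencyGuid')
    } else {
        $adUser.ObjectGUID
    }
    $wanted = ConvertTo-ImmutableId -ObjectGuid $anchor

    $cloudUser = Get-MgUser -UserId $CloudUpn `
        -Property 'id','userPrincipalName','onPremisesImmutableId','onPremisesSyncEnabled'

    if ($cloudUser.OnPremisesSyncEnabled) {
        throw "$CloudUpn is already synchronized from on-premises; a hard match would conflict"
    }
    if ($cloudUser.OnPremisesImmutableId -eq $wanted) {
        Write-Verbose "$CloudUpn is already matched to $SamAccountName"
        return
    }
    if ($cloudUser.OnPremisesImmutableId) {
        $current = ConvertFrom-ImmutableId -ImmutableId $cloudUser.OnPremisesImmutableId
        throw "$CloudUpn already has an ImmutableId for GUID $current; clear it before re-matching"
    }
    if ($PSCmdlet.ShouldProcess($CloudUpn, "Set ImmutableId $wanted (AD user $SamAccountName)")) {
        Update-MgUser -UserId $cloudUser.Id -OnPremisesImmutableId $wanted
    }
}

# Usage: one CSV row per on-premises/cloud pair. Run with -WhatIf first, review
# the output, then drop -WhatIf to apply the matches.
Connect-MgGraph -Scopes 'User.ReadWrite.All'
Import-Csv .\matches.csv | ForEach-Object {
    Set-HardMatch -SamAccountName $_.SamAccountName -CloudUpn $_.CloudUpn -Verbose -WhatIf
}
```

Once the ImmutableIds are set, the next synchronization cycle links the objects (on the Azure AD Connect server, Start-ADSyncSyncCycle -PolicyType Delta from the ADSync module triggers one). If the on-premises UPN differs from the cloud UPN and its domain is verified in the tenant, the sync will change the cloud UPN to the on-premises value, so review the pairs for that before running without -WhatIf.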

Ready to enhance your SharePoint experience?

Contact us for:

  • Intranet and Portals: Personalized solutions just for you.
  • Application Development: Intuitive, scalable, and secure solutions.
  • Consultancy Services: Expert advisory solutions.
  • Outsourcing: Maximize productivity.
  • Support and Maintenance: Keep your applications running seamlessly.

If you are interested in learning more about us and how we can help you, contact us.

You can also check out our blog for more articles and insights on Microsoft 365 technologies.