Merging on-premise AD and AAD with existing users using AADSync

Hi everybody,

We are trying to introduce AADSync between an on-premise AD and an existing Azure AD. The problem is that users already exist in the Azure AD because of Exchange Online.

While testing this scenario we ran into the problem that on-premise and AAD users are not merged correctly, even if they have exactly the same attributes (surname, first name, display name, UPN).

After synchronizing, a second user occurs in AAD. For example: a user test.user@test.onmicrosoft.com (UPN) exists in AAD and the same user exists on-premise. After the sync there are two users (the new one looks like test.user1234@test.onmicrosoft.com).

Can anyone provide some hints where the problem could be? Maybe we have to change some sync-settings in the synchronization service or while setting up (see next screenshot)?

Sorry for the German screenshots and thanks for your help.

August 21st, 2015 1:01pm

Hi,

Greetings!!

Thanks for posting your query here. With respect to the query, you may like to go through this link for detailed information on Configure filtering for directory synchronization.

If this does not help, then we will have to look into the %ProgramFiles%\Windows Azure Active Directory Sync folder and would need to deep dive into the issue to find the root cause. So we would request you to create a technical ticket so that our engineers can help you appropriately, as this is beyond the purview of the Forums Support.

Best Regards
Prasandhi Kumar

August 22nd, 2015 3:42am

If the users already exist in Azure AD, you will have to do soft-matching based on the primary SMTP address attribute: https://support.microsoft.com/en-us/kb/2641663

Your other option is to use hard-match instead (matching objectGUID/ImmutableID): http://blogs.technet.com/b/praveenkumar/archive/2014/04/12/how-to-do-hard-match-in-dirsync.aspx

August 22nd, 2015 5:13am

Hi,

This could be a conflict issue. For this you can merge your licensed user in Azure AD with the on-prem user on the basis of two methods:

1. Soft match

2. Hard match

But before this you would have to remove the unlicensed user, as I think there is no significance in keeping that.

Please download the WAAD (Windows Azure Active Directory Module) PowerShell and run the following commands for removing the unlicensed user whose status is Synced with Active Directory.

1. Connect-MsolService (log in with Global Admin credentials of O365)

2. Remove-MsolUser -UserPrincipalName upn -Force

ex. Remove-MsolUser -UserPrincipalName test.user1234@test.onmicrosoft.com -Force

3. Remove-MsolUser -UserPrincipalName test.user1234@test.onmicrosoft.com -RemoveFromRecycleBin -Force     # this is to delete the user from the deleted bin as well

After this you can do a soft match or hard match (immutable ID match)

  • https://support.microsoft.com/en-us/kb/2641663
  • https://community.office365.com/en-us/f/613/t/349744 

In case the above doesn't work, you may create a support ticket to get this fixed by engineers.

August 22nd, 2015 5:39am
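
Added example (not part of any post in this thread, and not Microsoft's code): a read-only PowerShell pre-sync audit that reports, per on-premises user, whether the replies' hard match (ImmutableID) or soft match (primary SMTP address) would succeed. It assumes the ImmutableID is the Base64 form of objectGUID and simplifies the matching rules to what the replies state; the function names and sample users are hypothetical.

```powershell
# Added example; the sample directories below are constructed. With real data, pass
# Get-ADUser -Filter * -Properties proxyAddresses and Get-MsolUser -All instead.
function ConvertTo-ImmutableId([guid]$ObjectGuid) {
    # Hard-match anchor (assumed default): Base64 of the 16 raw objectGUID bytes
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function Get-PrimarySmtp([string[]]$ProxyAddresses) {
    # The primary address carries the upper-case "SMTP:" prefix; aliases use "smtp:"
    $primary = $ProxyAddresses | Where-Object { $_ -clike 'SMTP:*' } | Select-Object -First 1
    if ($primary) { $primary.Substring(5).ToLowerInvariant() }
}

function Get-SyncMatchReport($OnPremUsers, $CloudUsers) {
    foreach ($u in $OnPremUsers) {
        $anchor = ConvertTo-ImmutableId $u.ObjectGUID
        $smtp   = Get-PrimarySmtp $u.ProxyAddresses
        # Base64 is case-sensitive, so compare with -ceq rather than -eq
        $hard = @($CloudUsers | Where-Object { $_.ImmutableId -ceq $anchor })
        # Soft match only considers cloud users that have no ImmutableId yet
        $soft = @($CloudUsers | Where-Object {
            -not $_.ImmutableId -and $smtp -and (Get-PrimarySmtp $_.ProxyAddresses) -eq $smtp })
        $result = if ($hard.Count -eq 1) { 'HardMatch' }
            elseif ($soft.Count -eq 1) { 'SoftMatch' }
            elseif ($soft.Count -gt 1) { 'Ambiguous' }
            else { 'NoMatch: sync would create a second user' }
        [pscustomobject]@{
            OnPremUser          = $u.SamAccountName
            PrimarySmtp         = $smtp
            ExpectedImmutableId = $anchor
            CloudUser           = ($hard + $soft | Select-Object -First 1).UserPrincipalName
            Result              = $result
        }
    }
}

# Constructed sample data: one cloud mailbox user, two candidate on-premises users
$cloud = @(
    [pscustomobject]@{ UserPrincipalName = 'test.user@test.onmicrosoft.com'; ImmutableId = $null
                       ProxyAddresses = @('SMTP:test.user@test.onmicrosoft.com') }
)
$onPrem = @(
    [pscustomobject]@{ SamAccountName = 'test.user.nomail'; ProxyAddresses = @()
                       ObjectGUID = [guid]'11111111-2222-3333-4444-555555555555' }
    [pscustomobject]@{ SamAccountName = 'test.user'; ProxyAddresses = @('SMTP:test.user@test.onmicrosoft.com')
                       ObjectGUID = [guid]'66666666-7777-8888-9999-000000000000' }
)
Get-SyncMatchReport $onPrem $cloud | Format-Table -AutoSize
```

Rows reported as NoMatch are the ones to correct on-premises (primary SMTP address or ImmutableID) before the first sync runs.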

This topic is archived. No further replies will be accepted.
