Look up the AD user’s GUID and set their cloud account’s immutable ID to it; Office 365 will then match the two accounts and convert the cloud account to AD-synced:
1. Keep the user in a non-syncing OU.
2. Update the UserPrincipalName, mail, mailNickname and proxyAddresses attributes, and the email address on the General tab.
3. Look up the user’s AD GUID (run from a DC, change [email protected] to the user you’re looking up):
ldifde -f c:\export.txt -r "([email protected])" -l "objectGuid, userPrincipalName"
4. Run PowerShell, connect to the 365 tenant, and then change the user’s 365 account’s immutable ID to their AD GUID (change the Immutable ID below to what was found in export.txt above and change [email protected] to the user you’re matching):
Set-MsolUser -UserPrincipalName [email protected] -ImmutableId DRhSCJyAdEaQRQfepR8Z4Q==
5. Move the user to a syncing OU and sync to Office 365.
6. Verify the user is now synced to AD by confirming there is a ‘directory’ icon instead of a ‘cloud’ icon next to their name in the Office 365 admin portal. If their account is still designated as cloud and 365 created a new AD-synced account for them with a ‘random’ name, then it didn’t match properly – move the AD account out of the syncing OU, sync so that the new account gets deleted, and troubleshoot.
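A pre-flight check for step 4, as an added example that is not part of the original post: it parses the ldifde export, confirms it holds exactly one entry for the intended UPN, and checks that the objectGUID decodes to 16 bytes before the value is used as an ImmutableId. The sample export, the example.com names and the Get-ImmutableIdFromLdif function name are assumptions made for illustration.

```powershell
# Constructed sample of export.txt. The DN and UPN are placeholders; the
# objectGUID value is the one used in the Set-MsolUser line above.
$sampleExport = @'
dn: CN=Example User,OU=NoSync,DC=example,DC=com
changetype: add
objectGUID:: DRhSCJyAdEaQRQfepR8Z4Q==
userPrincipalName: user@example.com
'@

# Get-ImmutableIdFromLdif is a hypothetical helper name, not a built-in cmdlet.
function Get-ImmutableIdFromLdif {
    param(
        [Parameter(Mandatory)][string]$LdifText,
        [Parameter(Mandatory)][string]$ExpectedUpn
    )
    # ldifde separates entries with blank lines; refuse an export that
    # matched zero or several objects so the wrong GUID is never picked up.
    $entries = @($LdifText -split '(?:\r?\n){2,}' | Where-Object { $_ -match '(?m)^dn:' })
    if ($entries.Count -ne 1) { throw "Expected exactly 1 entry, found $($entries.Count)" }
    $entry = $entries[0]

    # The export must belong to the account we intend to match.
    if ($entry -notmatch '(?im)^userPrincipalName:\s*(\S+)\s*$') { throw 'No userPrincipalName in export' }
    if ($Matches[1] -ne $ExpectedUpn) { throw "Export is for $($Matches[1]), not $ExpectedUpn" }

    # "::" marks a base64-encoded binary value; a GUID is always 16 bytes.
    if ($entry -notmatch '(?im)^objectGUID::\s*(\S+)\s*$') { throw 'No base64 objectGUID in export' }
    $b64   = $Matches[1]
    $bytes = [Convert]::FromBase64String($b64)   # throws on malformed base64
    if ($bytes.Length -ne 16) { throw "objectGUID decodes to $($bytes.Length) bytes, expected 16" }

    [pscustomobject]@{
        UserPrincipalName = $ExpectedUpn
        ImmutableId       = $b64                              # value for -ImmutableId
        Guid              = [guid]::new($bytes).ToString()    # form shown by AD tools
    }
}

$result = Get-ImmutableIdFromLdif -LdifText $sampleExport -ExpectedUpn 'user@example.com'

# Round trip: the GUID string must encode back to the same base64 text.
# -cne is used because base64 is case-sensitive.
$roundTrip = [Convert]::ToBase64String(([guid]$result.Guid).ToByteArray())
if ($roundTrip -cne $result.ImmutableId) { throw 'Round-trip mismatch' }
$result | Format-List
```

For a real export, pass `(Get-Content c:\export.txt -Raw)` as `-LdifText` and the user being matched as `-ExpectedUpn`.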
Jason works as a project specialist at an IT MSP in Erie, Pennsylvania, USA. He’s an IT/security professional with 20 years of experience.