There are 2 types of matching we do during Dirsync:
- Soft Match
- Hard Match
In this post we will see how to do Hard Match in Dirsync.
After writing this post, my colleague and friend Elvin pointed out that there was another, easier way to find the Immutable ID. I have covered that in the next post.
Click the above link to know more
Here are the high-level steps we follow to implement Dirsync between on-prem and cloud:
- Get the ObjectGuid for the user from on-premises
- Rearrange the ObjectGuid
- Convert the ObjectGuid to an ImmutableID
- Update the cloud user with the Immutable ID
- Run Dirsync
In the post below I have explained an easier way to find the ImmutableID for a hard match. Once you have the Immutable ID, you can follow the other steps explained in this blog to hard match.
https://wordpress.com/post/praveenkumare.wordpress.com/1564
For those who are curious, I have explained the legacy way below.
Get the ObjectGuid for the user from on-premises
- Open Adsiedit.msc
- Right-click ADSI Edit, choose Connect to and select “Default naming context”
- Double-click the Domain partition, navigate to the OU where the user is located and open the user's properties
- Copy the value of ObjectGuid to Notepad
Rearrange the ObjectGuid as shown below
ObjectGuid: 44 31 E2 46 77 83 3E 48 A8 7E B6 76 9D B6 2E ED
Group the GUID bytes as shown here: 44 31 E2 46 | 77 83 | 3E 48 | A8 7E | B6 76 9D B6 2E ED
Reverse the order of the hex bytes within each of the first three groups and leave the last two groups unchanged: 46 E2 31 44 | 83 77 | 48 3E | A8 7E | B6 76 9D B6 2E ED
Write the rearranged bytes as shown here: 46E23144-8377-483E-A87E-B6769DB62EED
Convert the ObjectGuid to an ImmutableID
Now that we have the ObjectGuid in the format we want, download the script from the link below. It converts an ObjectGuid to an Immutable ID and vice versa.
http://gallery.technet.microsoft.com/office/Covert-DirSyncMS-Online-5f3563b1/description
Right-click the downloaded script, click Properties and choose Unblock
Now open Windows PowerShell and navigate to the folder where the script was saved
Invoke the script and pass it the GUID we got from the above step
PS C:\Users\praveen\Desktop\CAP\Immutable ID> .\GUID2ImmutableID.ps1
Value provided not in GUID or ImmutableID format.
Please Supply the value you want converted
Examples:
To convert a GUID to an Immutable ID: GUID2ImmutableID.ps1 ‘748b2d72-706b-42f8-8b25-82fd8733860f’
To convert an ImmutableID to a GUID: GUID2ImmutableID.ps1 ‘ci2LdGtw+EKLJYL9hzOGDw==’
PS C:\Users\praveen\Desktop\CAP\Immutable ID> .\GUID2ImmutableID.ps1 46E23144-8377-483E-A87E-B6769DB62EED
ImmutableID
-----------
RDHiRneDPkiofrZ2nbYu7Q==
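The rearrange and convert steps above can also be done in one pass. This is an added PowerShell example, not the TechNet script and not the author's code: it takes the bytes exactly as ADSI Edit shows them and returns both the GUID string and the ImmutableID, plus the reverse conversion. The function names are hypothetical and the sample bytes are the ones used in this post.

```powershell
# Added example. Function names are hypothetical; they are not part of
# GUID2ImmutableID.ps1. Sample bytes are the ones used in this post.

function ConvertFrom-AdsiHex {
    # Turn the hex string copied from ADSI Edit into 16 raw bytes.
    param([Parameter(Mandatory)][string]$Hex)
    $clean = $Hex -replace '[\s-]', ''
    if ($clean -notmatch '^[0-9A-Fa-f]{32}$') {
        throw "Expected 16 hex bytes (32 hex digits), got: '$Hex'"
    }
    [byte[]]$bytes = 0..15 | ForEach-Object {
        [Convert]::ToByte($clean.Substring($_ * 2, 2), 16)
    }
    return ,$bytes   # leading comma keeps the array from being unrolled
}

function Get-HardMatchValue {
    # ADSI Edit bytes -> GUID string and ImmutableID in one step.
    param([Parameter(Mandatory)][string]$AdsiHex)
    $bytes = ConvertFrom-AdsiHex $AdsiHex
    # Guid(byte[]) does the rearranging: it reads the first three groups
    # (4, 2 and 2 bytes) in reversed byte order and the rest as-is.
    $guid = New-Object -TypeName System.Guid -ArgumentList (,$bytes)
    [pscustomobject]@{
        Guid        = $guid.ToString().ToUpper()
        # The ImmutableID is Base64 of the bytes in their ADSI Edit order.
        ImmutableId = [Convert]::ToBase64String($bytes)
    }
}

function ConvertFrom-ImmutableId {
    # Reverse direction: ImmutableID -> GUID string.
    param([Parameter(Mandatory)][string]$ImmutableId)
    $bytes = [Convert]::FromBase64String($ImmutableId)
    if ($bytes.Length -ne 16) {
        throw "ImmutableID decodes to $($bytes.Length) bytes, expected 16"
    }
    (New-Object -TypeName System.Guid -ArgumentList (,$bytes)).ToString().ToUpper()
}

# Self-check against the values worked out by hand in this post.
$r = Get-HardMatchValue '44 31 E2 46 77 83 3E 48 A8 7E B6 76 9D B6 2E ED'
if ($r.Guid -cne '46E23144-8377-483E-A87E-B6769DB62EED') { throw 'GUID mismatch' }
if ($r.ImmutableId -cne 'RDHiRneDPkiofrZ2nbYu7Q==') { throw 'ImmutableID mismatch' }
if ((ConvertFrom-ImmutableId $r.ImmutableId) -ne $r.Guid) { throw 'Round trip failed' }
$r
```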
Update the cloud user with the Immutable ID
Now open Windows Azure PowerShell for Office 365 and run the command below
Set-MsolUser -UserPrincipalName User@domain.com -ImmutableId RDHiRneDPkiofrZ2nbYu7Q==
Here User@domain.com is the UPN of the cloud user that we want the on-premises user to sync to.
Run Dirsync
Now force a Dirsync to connect the users
Note: Due to replication delays between on-prem and cloud, we might have to wait for some time and force Dirsync a couple of times.
Yes, we can do that. I found out a workaround that helps to do for all users with help of my friend. Will write a post on that soon.
Thanks Shivam
Hello Raymond, Please find the below link that talks about what you are looking for
http://blogs.technet.com/b/praveenkumar/archive/2014/08/10/how-to-do-hard-match-part-2.aspx
Thanks John and Dan
Good one praveen
Awesome Praveen. This helped me a lot
great stuff Praveen.
It worked, but how can we do it for multiple users at a time, like first creating a csvde file and importing using PowerShell?
In my previous post I wrote about how we can do Hard Match of objects in on-premise to the corresponding
Great stuff Praveen! Please share with us the workaround to hard match for multiple users, looking forward for your new post 🙂
Another simple way to find a "one off" objectGUID is via Active Directory Users and Computers:
1. Enable Advanced Features
2. Open the user ID’s properties
3. Open the Attribute Editor tab
4. Filter by attributes with values
5. Find and copy the objectGUID from the list
Thanks David
How does it work for mail contacts as well? Is it possible?
I created a desktop tool to convert from objectGUID and Azure ImmutableID
http://ammarhasayen.com/2015/08/20/azure-guid-to-immutableid-and-vise-versa-desktop-app/
Hi,
Thanks for your blog indeed.
I was inspired to create a desktop tool that converts from ObjectGUID in AD to ImmutableID in Azure and vice versa
http://ammarhasayen.com/2015/08/20/azure-guid-to-immutableid-and-vise-versa-desktop-app/
Thanks
Hi Praveen… i tried the method but I get the message ‘set-msoluser : Uniqueness violation. Property: SourceAnchor’
Nice Article Praveen !!
Hi Praveen, I am following the above steps but I am getting the below-mentioned error. Can you please help me?
Set-MsolUser : Unable to update parameter. Parameter name: SourceAnchor.
At line:1 char:1
+ Set-MsolUser -UserPrincipalName test@test.com -ImmutableId MJhaBp/MjU6ZUa9rEL …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [Set-MsolUser], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.PropertyNotSettableException,Microsoft.Online
.Administration.Automation.SetUser
I appreciate this enlightening post.
Thanks Birendra
@Shiraz: about the message ‘set-msoluser : Uniqueness violation. Property: SourceAnchor’.
Yes, I had that error too, but after investigating the deleted user was still in the Deleted Users folder. I created this user multiple times, and when I checked the Deleted Users folder, the user was there 5 times. I deleted ALL users from the Deleted Users folder, and then it worked.
Remove-Msoluser -Userprincipalname abc@domain.com -RemoveFromRecyclebin
Important: The “Sync Type” only changes from “in Cloud” to “Synced with Active Directory” if you change the password for the user in the AD.
Best regards,
João.