Many times we come across a scenario where it is unclear which on-prem user is mapped to which user in Office 365.

This happens more often today, with the many acquisitions and consolidations of organizations resulting in the consolidation of Office 365 tenants.

One of the steps during consolidation is to extract users from the on-prem/Office 365 environment of the source and create them on-prem in the destination, and later have the details synced to the Office 365 tenant of the destination.
Now, if objects from the source duplicate objects that are already in the destination in terms of Name, DisplayName, UPN prefix, etc., then until we complete the cutover of vanity domains from source to destination we cannot be sure which UPN in the cloud corresponds to which user in the destination.

Consider the example below:

Source Tenant : PraveenSource.onmicrosoft.com

Destination Tenant : PraveenDestination.onmicrosoft.com

Source object created in destination:

GivenName         : Praveen

Name              : Praveen Kumar

ObjectClass       : user

SamAccountName    : Prakum

Objects already in destination tenant:

DistinguishedName : CN=Praveen Kumar,OU=Bangalore City,OU=Tea Users,DC=ad,DC=Tea,DC=Coffee

Enabled           : True

GivenName         : Praveen

Name              : Praveen Kumar

ObjectClass       : user

ObjectGUID        : 9aa4536a-01c9-34c2-99ff-c1223bcd8c27

SamAccountName    : Prakum

SID               : S-1-5-21-1955343591-1955343591-1955343591-4597

Surname           : Kumar

UserPrincipalName : Prakum@Bangalore.com

 

DistinguishedName : CN=Prakum_7543e5f5f9,OU=Monday User,DC=ad,DC=Tea,DC=Coffee

Enabled           : True

GivenName         : Praveen

Name              : Prakum_7543e5f5f9

ObjectClass       : user

ObjectGUID        : 7d5a97a5-bad8-43a0-8c83-9d8e2abcdc4

SamAccountName    : Prakum1

SID               : S-1-5-21-1955343591-1955343591-1955343591-1234

Surname           : Kumar

UserPrincipalName : Prakum@Tea.Coffee

 

DistinguishedName : CN=Prakum,OU=Monday User,DC=ad,DC=Tea,DC=Coffee

Enabled           : True

GivenName         : Accounts

Name              : Prakum

ObjectClass       : user

ObjectGUID        : a995ce02-8a25-4979-a8ed-4abf80a12dac

SamAccountName    : Prakum2

SID               : S-1-5-21-1955343591-1955343591-1955343591-3535

Surname           : Pay

UserPrincipalName : Prakum@Monday.com

Now we have 3 objects in Office 365 of destination:

Prakum@PraveenDestination.onmicrosoft.com

Prakum4901@PraveenDestination.onmicrosoft.com

Prakum2735@PraveenDestination.onmicrosoft.com

As you can see, there is no direct, easy way of deciding which user is which. UPN is the only easy way to determine this, but as discussed above, UPN is not an option until the vanity domain is available in Office 365. And before the vanity domain is available, we will have to perform the following:

1)    Map source mailbox to destination mailbox to perform the migration

2)    Work on group creation and membership

3)    Or any other activities that involve a UPN in the format alias@domain.onmicrosoft.com

There may be many solutions, but the one that worked best for me is this.

First extract the details in source Tenant:

If the objects that you have created are located in a particular OU, you can use the below command:

# Path of the CSV file that will hold the exported users
$ExportPath = 'M:\<locationof the csv created in the above step>\Remotemailbox.csv'
# Export every user under the given OU with the attributes needed for the mapping
Get-ADUser -Filter * -SearchBase "<OU where the users are present>" | Select-Object DistinguishedName, Name, UserPrincipalName | Export-Csv -Path $ExportPath -NoTypeInformation

After that, add the below columns to the CSV and save it:

OnpremObjectGuid, OnpremSAMAccountname, OnpremConvertedImmutableID

Or

If you already have a CSV of the users that you have created, add the below columns to the CSV and run the below script.

OnpremObjectGuid, OnpremSAMAccountname, OnpremConvertedImmutableID

Now run the below script to convert the on-prem ObjectGUID to ImmutableID.

 

$script:nl = "`r`n"
$nl

# CSV from the previous step, with the three Onprem* columns added
$script:csvfile = "M:\<locationof the csv created in the above step>\Remotemailbox.csv"
$csv = Import-Csv $csvfile

foreach ($remote in $csv)
{
    $upn = $remote.UserPrincipalName
    # Look up the on-prem account by UPN
    $a = Get-ADUser -Filter {UserPrincipalName -eq $upn}

    # Skip rows with no on-prem match so the GUID conversion below does not fail on $null
    if (-not $a) { Write-Warning "No on-prem user found for $upn"; continue }

    $remote.OnpremObjectGuid = $a.ObjectGUID
    $remote.OnpremSAMAccountname = $a.SamAccountName

    # Convert the 16 raw bytes of the ObjectGUID to Base64, the form used for ImmutableID
    $guid = $a.ObjectGUID
    $bytearray = $guid.ToByteArray()
    $remote.OnpremConvertedImmutableID = [System.Convert]::ToBase64String($bytearray)
}
$csv | Export-Csv $script:csvfile -NoTypeInformation

Now open the updated CSV, add the below column headers, and save it:

CloudImmutableID, CloudObjectGuid, Office365UserPrincipalName

Now connect to Azure AD PowerShell and run the below script to search for these users in Office 365 based on ImmutableID and update the information in the CSV.

 

 

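$script:nl = "`r`n"
$nl

$script:csvfile = "M:\<locationof the csv created in the above step>\Remotemailbox.csv"
$csv = Import-Csv $csvfile
$i = 1

foreach ($remote in $csv)
{
    # Office365UserFound is not among the headers added above; create it on every row
    # so that it can be set here and is written out by Export-Csv
    if (-not $remote.PSObject.Properties['Office365UserFound'])
    {
        $remote | Add-Member -NotePropertyName Office365UserFound -NotePropertyValue ''
    }

    # Skip rows resolved in an earlier run, and rows with no converted ImmutableID
    # (an empty value would make startswith() match every user)
    if ($remote.Office365UserFound -ne "TRUE" -and $remote.OnpremConvertedImmutableID)
    {
        $onpremImmutableID = $remote.OnpremConvertedImmutableID
        # Find the cloud user whose ImmutableId starts with the converted on-prem value
        $a = Get-AzureADUser -Filter "startswith(ImmutableId,'$onpremImmutableID')"
        if ($a)
        {
            $remote.Office365UserFound = "TRUE"
            $remote.CloudImmutableID = $a.ImmutableID
            $remote.CloudObjectGuid = $a.ObjectId
            $remote.Office365UserPrincipalName = $a.UserPrincipalName
        }
    }

    # Progress counter
    Write-Host $i
    $i = $i + 1
}
$csv | Export-Csv $script:csvfile -NoTypeInformation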

 

 

 

 

This is the efficient way I found.

 

Alternatively, you can try the below in Office 365 PowerShell, but it takes a lot of time, and if you have a huge number of users in Office 365 it won't give you the information faster.

Get-MsolUser -All | Where-Object {$_.ImmutableId -eq "eiHDBHKUHDUm76fVliQCLw=="} | Select-Object UserPrincipalName
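
The check below is an added example, not part of the original post: it verifies offline that each CloudImmutableID in the finished CSV decodes back to the row's OnpremObjectGuid, and flags a cloud user that was matched to more than one row. The function names and the sample rows are assumptions constructed for illustration; the column names are the ones used in the scripts above.

```powershell
# Added example, not from the original post. Function names are hypothetical.
function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    # Same conversion as the script above: Base64 of the GUID's 16 raw bytes
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    $bytes = [Convert]::FromBase64String($ImmutableId)   # throws on malformed Base64
    if ($bytes.Length -ne 16) { throw "Decodes to $($bytes.Length) bytes, expected 16" }
    [guid]::new([byte[]]$bytes)
}

function Test-MappingRow {
    param([Parameter(Mandatory)]$Row)
    # Either side empty: the row was never resolved
    if (-not $Row.OnpremObjectGuid -or -not $Row.CloudImmutableID) { return 'Unmatched' }
    try {
        $cloudGuid  = ConvertFrom-ImmutableId $Row.CloudImmutableID
        $onpremGuid = [guid]$Row.OnpremObjectGuid
    } catch { return 'Invalid' }
    # The cloud anchor must decode to exactly the on-prem ObjectGUID
    if ($cloudGuid -eq $onpremGuid) { 'Match' } else { 'Mismatch' }
}

function Get-DuplicateCloudAnchor {
    param([Parameter(Mandatory)][object[]]$Rows)
    # One cloud user claimed by several CSV rows means at least one row is wrong
    $Rows | Where-Object CloudImmutableID | Group-Object CloudImmutableID |
        Where-Object Count -gt 1 | ForEach-Object { $_.Name }
}

# Constructed sample rows (not tenant data); $g1 is the first ObjectGUID shown in the post
$g1 = [guid]'9aa4536a-01c9-34c2-99ff-c1223bcd8c27'
$rows = @(
    [pscustomobject]@{ UserPrincipalName = 'Prakum@Bangalore.com'; OnpremObjectGuid = "$g1"
                       CloudImmutableID = ConvertTo-ImmutableId $g1 }
    [pscustomobject]@{ UserPrincipalName = 'Prakum@Tea.Coffee'
                       OnpremObjectGuid = '11111111-2222-3333-4444-555555555555'
                       CloudImmutableID = ConvertTo-ImmutableId $g1 }
    [pscustomobject]@{ UserPrincipalName = 'Prakum@Monday.com'
                       OnpremObjectGuid = 'a995ce02-8a25-4979-a8ed-4abf80a12dac'
                       CloudImmutableID = '' }
)

$rows | Select-Object UserPrincipalName, @{ n = 'Status'; e = { Test-MappingRow $_ } }
Get-DuplicateCloudAnchor $rows | ForEach-Object { Write-Warning "Cloud anchor used by several rows: $_" }
```

To check the real file, pass the output of Import-Csv $csvfile in place of the sample $rows.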

 

 

–   Praveen Kumar E     

www.Modern365.co.in