Wednesday, September 13, 2017

Resyncing previously synced account in Office 365 and synching a new account to an existing

If you read my previous article about my migration fiasco, you'll remember I pointed out that previously synced accounts are fubar'd and won't sync.
After some discussion with Microsoft, I was informed there is a source anchor/immutable ID that populates in synced accounts. This ties the account to the local On Premise AD account and won't let anything else connect.
In my case, the old "On Premise AD" was a cloud Okta server that we didn't have anymore. Luckily, these accounts transitioned to In Cloud (I don't remember if they went into a Soft Delete, but they probably did.)
The first tech I spoke with a while back gave me some pretty... scary solutions.
Option A would be to disable Azure sync for 3 DAYS and run a bunch of powershells.
Option B would be to delete the account in question, sync an account from the local ad and reattach the mailbox via powershell. Rendering all shares to this account useless. FUUUUUUAAAA.

Well, one of the accounts was my own and I Option B'd that muthafuka. 0/10 would not recommend.

This whole time I was like, can't we just get rid of that immutable ID? clear the flag? The MS guy said the only way would be to disable the Azure Sync for 24-36 hours...

Fast forward, and I found out this is not the case.
Once the account is in In Cloud status, you just have to run a simple powershell on the account.
You will have to do this through the Azure AD module for powershell  http://connect.microsoft.com/site1164/Downloads/DownloadDetails.aspx?DownloadID=59185
And good luck with that. I have fully updated Windows 10 and it keeps saying I need Powershell 2.0 or higher... (if you have fixed this stupid error, please let me know, I gave up and set it up on my DC)

  • Run the command "Connect-MsolService". (Enter Global Admin credentials when prompted).
  • Check the details of a user with the below command:
  • Get-MsolUser -UserPrincipalName user@domain.com | FL
  • To remove the Immutable ID, run below command:
  • Set-MsolUser -UserPrincipalName user@domain.com -Immutableid ""
  • The above command will remove the Immutable ID for the user


At this point the account is ready to be synced with a new AD account on any local AD anywhere.
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Samsung refrigerator not making ice

How I got my stupid fridge to work again. Normally, I press/hold the blue button till it chimes. Well that didn’t work this time. Darn. I re...

  • Vizio soundbar is blinking 2 dots
    Situation: Vizio sound bar works. But all of a sudden, no sound.  The movie is playing fine, but no sound. On the sound bar itself, two ind...
  • Dell 9020 3 displays
    I have a customer that would like 3 monitors, for whatever reason. The Dell 9020 is capable of this, and this is how I got it to work. No ...