In my previous post I wrote about how we can do Hard Match of objects in on-premise to the corresponding objects in the cloud through Dirsync.

In this post we will be looking into a simple way to generate Immutable ID that we used in Hard Match process.

Connect to the machine where we have AD installed. Open a cmd prompt with administrator credentials and run the below command

ldifde -f export.txt -r "(Userprincipalname=*)" -l "objectGuid, userPrincipalName"

 

 

This command will give us an output file  export.txt that has all the user principal names and Immutable IDs of all objects that has UPN.

The output looks like this for each object

----------------------------------------------------
dn: CN=2013 OU=DirSynced OU DC=prakum DC=msftonlinerepro DC=com 
changetype: add     
objectGUID:: g8Pclm4vok+vFWtMERklmg==     
userPrincipalName: 2013@prakum.msftonlinerepro.com     
----------------------------------------------------

 

Now whichever object we want to do a hard match we just have to search for the object using UPN in the above text file and note down the corresponding objectGUID for that object.

We can use the objectGUID in the below command to set the immutable ID in the cloud for the object as below

Set-MsolUser -UserPrincipalName User@domain.com -ImmutableId g8Pclm4vok+vFWtMERklmg==  

Here  User@domain.com is the UPN of the user who is in cloud and we want to sync the on-premise user to sync to.

 

Run Dirsync

Now force an Dirsync to connect the users 

 

Note: Due to replication and delay in onprem and cloud we might have to wait for some time and force Dirsync couple of times.