There are three core identity scenarios in Office365 as illustrated above. I created a previous blog post on how to covert cloud identities to federated identities which can be viewed HERE
To convert cloud identities to managed identities with password sync can be quite simple by changing the users UPN and also matching the user’s UPN with their primary smtp address.
However , How many time have you received the dreaded email from Microsoft like below
|Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [ProxyAddresses SMTP:email@example.com]. Correct or remove the duplicate values in your local directory. Please refer to http://support.microsoft.com/kb/2647098 for more information on identifying objects with duplicate attribute values.|
So you search active directory and exchange online for conflicts but cant find any which will probably drive you CRAZY. So here is how to fix it.
I will demonstrate how to fix it for one user
It is very important that WAAD is not running when running these powershell commands.
The image below is a synchronization error message from firstname.lastname@example.org in WAAD
So to fix this we copy the distinguished name and run the following command.
set-MsolUser -UserPrincipalName email@example.com -ImmutableID JF9SbfTKlk2kMWlrce0fNA==