Converting Office365 Cloud Identities into Managed Identities

There are three core identity scenarios in Office365, as illustrated above. I wrote a previous blog post on how to convert cloud identities to federated identities, which can be viewed HERE.

Converting cloud identities to managed identities with password sync can be quite simple: change the user's UPN and match the user's UPN with their primary SMTP address.

However, how many times have you received the dreaded email from Microsoft like the one below?

Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [ProxyAddresses]. Correct or remove the duplicate values in your local directory. Please refer to for more information on identifying objects with duplicate attribute values.

So you search Active Directory and Exchange Online for conflicts but can't find any, which will probably drive you CRAZY. So here is how to fix it.

I will demonstrate how to fix it for one user.
It is very important that WAAD is not running when you run these PowerShell commands.

The image below is a synchronization error message from WAAD.

So to fix this, we copy the distinguished name and run the following command:

Set-MsolUser -UserPrincipalName <user's UPN> -ImmutableId JF9SbfTKlk2kMWlrce0fNA==
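
The ImmutableID passed to Set-MsolUser above is a Base64 string; with the sync tool's default source anchor, that string is the on-premises account's objectGUID. The following added example (not from the original post) derives it from the distinguished name and refuses to write if the anchor would collide with or overwrite another one. The DN and UPN are placeholders, and the default objectGUID anchor is an assumption.

```powershell
# Added example: hard-match one cloud user to its on-premises AD account.
# Assumes the ActiveDirectory and MSOnline modules are installed, that
# Connect-MsolService has already been run, and that directory sync is stopped.
Import-Module ActiveDirectory
Import-Module MSOnline

# Placeholders: replace with the DN from the sync error and the cloud user's UPN.
$dn  = 'CN=Example User,OU=Staff,DC=example,DC=local'
$upn = 'example.user@example.com'

# Assumption: the sync tool uses its default source anchor, which is the
# Base64 encoding of the 16-byte on-premises objectGUID.
$adUser      = Get-ADUser -Identity $dn -Properties ObjectGUID
$immutableId = [System.Convert]::ToBase64String($adUser.ObjectGUID.ToByteArray())

# Base64 is case-sensitive, so compare with -ceq / -cne rather than -eq / -ne.
# Stop if a different cloud object already holds this anchor: writing it to a
# second object would recreate the duplicate-attribute conflict.
$holder = Get-MsolUser -All |
    Where-Object { $_.ImmutableId -ceq $immutableId -and $_.UserPrincipalName -ne $upn }
if ($holder) {
    throw "ImmutableId $immutableId is already set on $($holder.UserPrincipalName -join ', ')"
}

# Stop if the target user is already anchored to a different on-premises object.
# Overwriting it would bind the mailbox and licences to another AD account.
$cloudUser = Get-MsolUser -UserPrincipalName $upn
if ($cloudUser.ImmutableId -and $cloudUser.ImmutableId -cne $immutableId) {
    throw "$upn already has ImmutableId $($cloudUser.ImmutableId)"
}

Set-MsolUser -UserPrincipalName $upn -ImmutableId $immutableId

# Confirm the value that was written before restarting synchronization.
Get-MsolUser -UserPrincipalName $upn | Select-Object UserPrincipalName, ImmutableId
```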
