Converting Office365 Cloud Identities into Managed Identities

There are three core identity scenarios in Office365 as illustrated above. I created a previous blog post on how to covert cloud identities to federated identities which can be viewed HERE

To convert cloud identities to managed identities with password sync can be quite simple by changing the users UPN and also matching the user’s UPN with their primary smtp address.

However , How many time have you received the dreaded email from Microsoft like below

Sean
Ofarrell
Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [ProxyAddresses SMTP:sean.ofarrell@contoso.com]. Correct or remove the duplicate values in your local directory. Please refer to http://support.microsoft.com/kb/2647098 for more information on identifying objects with duplicate attribute values.

So you search active directory and exchange online for conflicts but cant find any which will probably drive you CRAZY. So here is how to fix it.

I will demonstrate how to fix it for one user
It is very important that WAAD is not running when running these powershell commands.

The image below is a synchronization error message from sean.ofarrell@contoso.com in WAAD

So to fix this we copy the distinguished name and run the following command.

set-MsolUser -UserPrincipalName sean.ofarrell@contoso.com -ImmutableID JF9SbfTKlk2kMWlrce0fNA==

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s