If you are having a problem soft matching Office 365 users with AD Connect, you can hard match them by following the steps below.

  1. Move the troublesome user into an OU that is not being Synchronized
  2. Force AD Connect Synchronization
    1. Start-ADSyncSyncCycle -PolicyType initial
  3. Connect to Office 365 PowerShell and delete the deleted users from the Recycle Bin
    1. Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force
  4. Log into the Domain Controller and find the user's ObjectGUID.
    1. Open an elevated Command Prompt
      1. ldifde -f export.txt -r "(Userprincipalname=*)" -l "objectGuid, userPrincipalName"
    2. Open the txt file and find the troublesome user. Copy their ObjectGUID
  5. Go back to the Office 365 PowerShell session and set the cloud user's Immutable ID to match the ObjectGUID you just found
    1. Set-MsolUser -UserPrincipalName User@domain.com -ImmutableId g9Pclm4vpk+vFWtMARklmg==
  6. Force AD Connect Synchronization
    1. Start-ADSyncSyncCycle -PolicyType initial
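
Steps 4 and 5 depend on copying the right Base64 value by hand, so the following added example (not part of the original post) looks up one UPN in the ldifde export and checks that its objectGUID decodes to exactly 16 bytes before it is used as the ImmutableId. The function name Get-ImmutableIdFromLdif and the sample records are constructed for illustration, and it assumes, as the steps above do, that the objectGUID is the value AD Connect uses as the anchor.

```powershell
# Constructed sample of what export.txt contains; in practice use:
#   $ldif = Get-Content .\export.txt -Raw
$sampleExport = @'
dn: CN=Alice Example,OU=Staff,DC=example,DC=com
changetype: add
objectGUID:: g9Pclm4vpk+vFWtMARklmg==
userPrincipalName: alice@example.com

dn: CN=Bob Example,OU=Staff,DC=example,DC=com
changetype: add
objectGUID:: AAECAwQFBgcICQoLDA0ODw==
userPrincipalName: bob@example.com
'@

function Get-ImmutableIdFromLdif {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $LdifText,
        [Parameter(Mandatory)] [string] $UserPrincipalName
    )
    # LDIF records are separated by one or more blank lines.
    foreach ($record in ($LdifText -split '(?:\r?\n){2,}')) {
        $upn  = if ($record -match '(?m)^userPrincipalName:\s*(.+?)\s*$') { $Matches[1] }
        # "::" marks a Base64-encoded (binary) attribute value in LDIF.
        $guid = if ($record -match '(?m)^objectGUID::\s*(\S+)\s*$') { $Matches[1] }
        if ($upn -ne $UserPrincipalName) { continue }

        if (-not $guid) { throw "No objectGUID in the record for $UserPrincipalName" }
        $bytes = [Convert]::FromBase64String($guid)   # throws on a mangled copy/paste
        if ($bytes.Length -ne 16) {
            throw "objectGUID for $UserPrincipalName is $($bytes.Length) bytes, expected 16"
        }
        return [pscustomobject]@{
            UserPrincipalName = $upn
            ImmutableId       = [Convert]::ToBase64String($bytes)
            ObjectGuid        = [guid]::new([byte[]]$bytes)   # form shown by AD tools
        }
    }
    throw "UPN $UserPrincipalName was not found in the export"
}

$match = Get-ImmutableIdFromLdif -LdifText $sampleExport -UserPrincipalName 'alice@example.com'
$match | Format-List
# Then, as in step 5:
# Set-MsolUser -UserPrincipalName $match.UserPrincipalName -ImmutableId $match.ImmutableId
```

Comparing the printed ObjectGuid with the GUID shown for the on-premises account confirms the right record was picked before the cloud user is changed.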