Hard matching in Office365

This article will help you to perform a hard match of an AD user with a cloud user when a soft match fails.

Hard matching.
In some cases, if soft matching didn’t work, we have to manually tag the immutable ID so that we can manage the account on-premise. That is, we change the source of authority manually so that the cloud user can be managed from an on-premise AD using directory synchronization.

Hard matching can only be used when a user is initially created in the cloud. Once soft matching is done, the cloud user is bound to AD with an immutable ID instead of a primary email (SMTP) address.

A cloud user’s primary email (SMTP) address cannot be updated during the soft matching process, because the primary email (SMTP) address is the attribute used to link the on-premise AD user to the cloud user.

Start hard matching
Check the user sync status. We have a user testhardmatch@….sh.group.

Now get the immutable ID of the user from on-premise AD/Exchange PowerShell.
Please run the following command from PowerShell.

Connect to the MSOL service and run the following command with the immutable ID that you copied from the output of the above command. In our case, zxfO6vF1mEG6ZufFSlzl0g== is the immutable ID.

Then run a delta sync from your ADSync/ADConnect server using the following command.

Now you can see the user sync status has changed from “In cloud” to “Synced from on-Premises”.
You can see the user testhardmatch@……sh.com is synced from on-premise.
You are done with hard matching.
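
The steps above as one script. This is an added example, not the commands from the original article. The account name and UPN are placeholders, and the checks before `Set-MsolUser` (existing binding, duplicate immutable ID, admin roles) are additions that stop a match from silently handing the wrong cloud account to an AD object.

```powershell
# Added example. Run on the ADSync/ADConnect server with the ActiveDirectory,
# MSOnline and ADSync modules installed. Both values below are placeholders.
$SamAccountName = 'testhardmatch'              # hypothetical on-premise account name
$CloudUpn       = 'testhardmatch@example.com'  # placeholder UPN of the cloud user

Import-Module ActiveDirectory, MSOnline, ADSync -ErrorAction Stop

# 1. The immutable ID is the Base64 form of the 16 raw bytes of objectGUID.
$adUser      = Get-ADUser -Identity $SamAccountName -Properties ObjectGUID
$immutableId = [System.Convert]::ToBase64String($adUser.ObjectGUID.ToByteArray())
Write-Host "On-premise objectGUID $($adUser.ObjectGUID) -> immutable ID $immutableId"

# 2. Check the cloud side before changing the source of authority.
Connect-MsolService
$cloudUser = Get-MsolUser -UserPrincipalName $CloudUpn -ErrorAction Stop

# -cne / -ceq: Base64 is case-sensitive, PowerShell's default -eq is not.
if ($cloudUser.ImmutableId -and $cloudUser.ImmutableId -cne $immutableId) {
    throw "$CloudUpn is already bound to '$($cloudUser.ImmutableId)'; not overwriting."
}
# Enumerates the whole tenant, so this is slow on large directories.
$clash = Get-MsolUser -All | Where-Object {
    $_.ImmutableId -ceq $immutableId -and $_.ObjectId -ne $cloudUser.ObjectId
}
if ($clash) {
    throw "Immutable ID already used by $($clash.UserPrincipalName -join ', ')."
}
# After the match the AD object is authoritative for this account, so a
# cloud account holding admin roles should be reviewed by hand first.
$roles = Get-MsolUserRole -UserPrincipalName $CloudUpn
if ($roles) {
    throw "$CloudUpn holds role(s): $($roles.Name -join ', '). Review before matching."
}

# 3. Stamp the immutable ID on the cloud user, then run a delta sync.
Set-MsolUser -UserPrincipalName $CloudUpn -ImmutableId $immutableId
Start-ADSyncSyncCycle -PolicyType Delta

# 4. Confirm. The cycle runs asynchronously, so LastDirSyncTime may stay
#    empty for a few minutes; re-run this line until it is populated.
Get-MsolUser -UserPrincipalName $CloudUpn |
    Select-Object UserPrincipalName, ImmutableId, LastDirSyncTime
```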

Thanks for reading my article.
For soft matching, please see the soft matching article.
