Microsoft Entra / Azure Connect Reinstallation and Source Anchor Change
Hello everyone,
I would like to talk about the possibility of changing the SourceAnchor in Azure Connect.
Officially, this is not supported by Microsoft, but there is still a way to do this via a few detours.
The running AD Sync must be stopped first.
To make the changeover, all users must first be soft-deleted. The most practical way to do this is to synchronize an OU in which there are no users.
Now the Entra objects are stored under the deleted users. It is important to note that, before restoring the users who do not have an Exchange Online mailbox, Entra P1 or P2 must be removed so that a second mailbox is not created.
Now all users must be restored.
After this has been done, the Immutable ID of the users must be removed via PowerShell.
This is possible with the following command:
Get-MsolUser -All | Set-MsolUser -ImmutableId "$null"
(If this command is required for individual users, replace -All with -UserPrincipalName "example@email.de")
Once the Immutable ID has been removed for all users, the status in Entra must be set to Cloud Only. If this is the case, you can start with the next steps.
It is important to note that the actions carried out above can lead to short-term failures and should therefore ideally be carried out before the weekend!
In the next step, a clean uninstallation of Azure Connect must be carried out.
Here I would recommend the article ADsync uninstallation from MSXFAQ where it is well explained.
When uninstalling, only the steps that do not hinder a new installation should be carried out, but this is well explained in the article.
After successfully uninstalling the AD Sync, there may be delays, which is why I would recommend waiting 24 hours before reinstalling.
The waiting time can be skipped, but it still worked for me.
As soon as you have installed the AD Sync with the new desired attribute, you can start the sync.
The users should now be matched with the existing cloud objects via soft match.
If this does not work, it is possible to delete the Immutable ID again or to correct the errors via the AD Connect error display in Entra ID.
Under the function "Other errors", several errors may be displayed; we fixed this by fixing all duplicate attribute errors.
I hope this has helped you a little.
I am always open to feedback!
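A pre-sync check for the soft-match step and the duplicate attribute errors described above, as an added example that is not part of the original post. The function name Test-SoftMatchReadiness and the sample users are hypothetical; it assumes objects shaped like Get-MsolUser output (UserPrincipalName, ImmutableId, ProxyAddresses).

```powershell
# Added example (not from the original post): report what would block a clean soft match.
function Test-SoftMatchReadiness {
    param([Parameter(Mandatory)][object[]]$Users)

    # Cloud users that still carry an Immutable ID are not yet "Cloud Only".
    $anchored = @($Users | Where-Object { -not [string]::IsNullOrEmpty($_.ImmutableId) })

    # Flatten every SMTP proxy address (primary "SMTP:" and alias "smtp:") per user.
    $addresses = foreach ($u in $Users) {
        foreach ($p in $u.ProxyAddresses) {
            if ($p -match '^smtp:(.+)$') {
                [pscustomobject]@{
                    Address = $Matches[1].ToLowerInvariant()
                    User    = $u.UserPrincipalName
                }
            }
        }
    }

    # An address held by more than one user shows up later as a duplicate attribute error.
    $duplicates = @($addresses | Group-Object Address |
        Where-Object { @($_.Group.User | Sort-Object -Unique).Count -gt 1 })

    [pscustomobject]@{
        StillAnchored      = @($anchored.UserPrincipalName)
        DuplicateAddresses = @($duplicates | ForEach-Object {
            '{0} -> {1}' -f $_.Name, (($_.Group.User | Sort-Object -Unique) -join ', ')
        })
        Ready              = ($anchored.Count -eq 0 -and $duplicates.Count -eq 0)
    }
}

# Constructed sample data standing in for Get-MsolUser -All output.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'anna@example.test'; ImmutableId = $null
                       ProxyAddresses = @('SMTP:anna@example.test') }
    [pscustomobject]@{ UserPrincipalName = 'ben@example.test'; ImmutableId = 'Q29uc3RydWN0ZWQ='
                       ProxyAddresses = @('SMTP:ben@example.test', 'smtp:info@example.test') }
    [pscustomobject]@{ UserPrincipalName = 'cara@example.test'; ImmutableId = ''
                       ProxyAddresses = @('SMTP:cara@example.test', 'smtp:info@example.test') }
)

Test-SoftMatchReadiness -Users $sample | Format-List
```

Against a tenant, pass the output of Get-MsolUser -All as -Users and start the new sync only when Ready is True.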