>NULL: January 2019

Wednesday 16 January 2019

Converting a Synced with Active Directory user to an InCloud user

Microsoft recently closed the loophole of deleting an AD user and restoring it in AzureAD/Office365 as a way of migrating user accounts to AzureAD.

Here is the currently supported method I was given by Microsoft Support and have successfully used.

    # The Msol cmdlets used below are provided by the MSOnline module
    Import-Module MSOnline
    $LiveCred = Get-Credential
    Connect-MsolService -Credential $LiveCred

    Set-MsolDirSyncEnabled -EnableDirSync $false

(I answered ‘y’ when prompted)

Wait until you stop getting the ADSynced user warning in the O365 portal when you try to edit a username; this takes around 10 minutes.

    Set-MsolUser -UserPrincipalName test.user@example.com -ImmutableID ""

Wait 10 minutes.

    Set-MsolDirSyncEnabled -EnableDirSync $true
(I answered ‘y’ when prompted)
This last step will take 6-8 hours-ish.

Once this is all finished and the sync restarts, the user you cleared the ImmutableID for will show as InCloud.
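
A guarded version of the ImmutableID step, as an added example that is not part of the original post or of Microsoft's instructions: it checks that the tenant reports directory sync as disabled, saves the user's current ImmutableID so the link to the AD account can be restored, then clears the value and confirms the result. It assumes Connect-MsolService has already been run and that the DirectorySynchronizationEnabled property is an adequate sanity check alongside the portal warning described above; the backup file path is hypothetical.

```powershell
# Added example: guard rails around clearing a synced user's ImmutableID.
# Assumes the MSOnline module is loaded and Connect-MsolService has been run.
$Upn        = 'test.user@example.com'      # UPN used in the post
$BackupFile = '.\immutableid-backup.csv'   # hypothetical path for the rollback record

# 1. Tenant-level check: stop if directory sync is still reported as enabled.
$company = Get-MsolCompanyInformation
if ($company.DirectorySynchronizationEnabled) {
    throw 'Directory sync is still enabled for the tenant; wait and run again.'
}

# 2. Look up the user and stop early if there is nothing to clear.
$user = Get-MsolUser -UserPrincipalName $Upn -ErrorAction Stop
if ([string]::IsNullOrEmpty($user.ImmutableId)) {
    Write-Output "$Upn has no ImmutableID; nothing to do."
    return
}

# 3. Record the current anchor before changing it, so the account can be
#    matched back to its AD object if the conversion has to be undone.
$user |
    Select-Object UserPrincipalName, ObjectId, ImmutableId, LastDirSyncTime |
    Export-Csv -Path $BackupFile -Append -NoTypeInformation

# 4. Clear the anchor exactly as in the post.
Set-MsolUser -UserPrincipalName $Upn -ImmutableId ""

# 5. Read the user back and confirm the change before re-enabling sync.
$after = Get-MsolUser -UserPrincipalName $Upn
if ([string]::IsNullOrEmpty($after.ImmutableId)) {
    Write-Output "ImmutableID cleared for $Upn; previous value saved to $BackupFile."
} else {
    Write-Warning "ImmutableID for $Upn is still set to '$($after.ImmutableId)'."
}
```

Keep the backup file with your change record; it contains the only copy of the original ImmutableID once the value has been cleared.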


Adding an Azure AD user to local Administrators group

To add an additional administrator to an Azure joined computer:

1, Ensure the new AzureAD user has logged in and then out.
2, Log in as an admin (AzureAD or local account).
3, Run the following in CMD.
    net localgroup administrators AzureAD\UserAlias /add
4, The next time the user logs in they will have local admin rights.

Use the user alias, not the whole email address. Remember that the user must have logged in previously to create a profile on the computer before you do anything.