Replace AD user object and link back to 365 user #ImmutableID

 An odd situation occurred where I had to delete an AD user then recreate it and link it to the 365 user account.

Here are the steps.

1. Take a note of the AD user details.
2. Delete AD user
3. Run ADSync
4. The 365 user will have been deleted, un-delete the user on the 365 side.
5. Create a new AD user with the same properties as the old one.
6. In PowerShell: Connect-MsolService
7. In PowerShell: get-MsolUser -UserPrincipalName user@example.com | select ImmutableID
8. Copy the ID given and keep just in case.
9. On the AD server: make and run a PowerShell script with the following text

$Users=Get-ADUser -Filter *

function guidtobase64

{

param($str);

$g = new-object -TypeName System.Guid -ArgumentList $str;

$b64 = [System.Convert]::ToBase64String($g.ToByteArray());

return $b64;

}

$ADUsersDump=$Users | Select SamAccountName,UserPrincipalName,@{Expression={(guidtobase64($_.ObjectGUID))}; Label="ImmutableID"}

$ADUsersDump | Export-CSV -Path C:\temp\ImmutableIDs.csv

 

1. In PowerShell: set-MsolUser -UserPrincipalName user@example.com -ImmutableId ""
2. In PowerShell: Set-MsolUser -UserPrincipalName user@example.com -ImmutableId <ImmutableID from script output>
3. Run ADSync

You should now see that the user in 365 is a synced user again.