Deepak Yadav

Duplicate accounts in Office 365 and Azure AD

Updated: Jan 29, 2023

Move the local AD user to the Lost & Found OU (or any other OU that is excluded from synchronization), as shown below. In the example, the user 'training' is moved from its OU to LOST AND FOUND.

Run PowerShell as administrator on the machine in your network where Azure AD Connect is installed and run a delta sync, so that the moved user drops out of the sync scope.

Make sure the result reported is Success.

Hard delete the duplicate: in the Office 365 admin center click Admin, then Show all, then Azure Active Directory. In Azure Active Directory open Users > Deleted users, select the duplicate account and delete it permanently.

1. Connect to a machine where AD is installed (a domain controller), open a command prompt with administrator credentials and run the command below:

    • ldifde -f export.txt -r "(Userprincipalname=*)" -l "objectGuid, userPrincipalName"

This writes an output file, export.txt, that lists the userPrincipalName and objectGUID of every object that has a UPN; the base64-encoded objectGUID is the value Azure AD uses as the ImmutableId. Each object appears in the file as a record like this:

dn: CN=2013,OU=DirSynced OU,DC=prakum,DC=msftonlinerepro,DC=com
changetype: add
objectGUID:: g8Pclm4vok+vFWtMERklmg==

2. For each object you want to hard match, search export.txt for its UPN and note the objectGUID of that record. The double colon after objectGUID means the value is base64-encoded, and that base64 string is used as the ImmutableId exactly as printed.

3. On the machine in your network where Azure AD Connect is installed, launch PowerShell as administrator, run Connect-MsolService and sign in as the Office 365 admin.

    • If you have never connected to MsolService before, install the 64-bit version of the Microsoft Online Services Sign-in Assistant (Microsoft Online Services Sign-in Assistant for IT Professionals RTW).

    • Then run Install-Module MSOnline in PowerShell.

    • If prompted to install the NuGet provider, type Y and press ENTER.

    • If prompted to install the module from PSGallery, type Y and press ENTER.

4. Using the PowerShell command below, supply the cloud user's UPN and set the ImmutableId to the objectGUID value noted above; this performs the hard match. Replace the UPN placeholder with the user's actual UPN:

  • Set-MsolUser -UserPrincipalName '<user UPN>' -ImmutableId 'g8Pclm4vok+vFWtMERklmg=='

5. Move the local AD user from Lost & Found back to the syncing OU.

6. Run a delta sync, then open Synchronization Service Manager once it has finished and confirm that the user was matched to the existing cloud account rather than created again.
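The whole procedure above as one script, added here as a worked example; it is not code from the original post. It assumes a PowerShell 5 or later session running elevated on the Azure AD Connect server with the ActiveDirectory, MSOnline and ADSync modules available, that the AD user has already been moved out of the sync scope and a delta sync has run (the first steps of the post), and that the OU name, the export.txt path and the function names are hypothetical placeholders. It derives the ImmutableId from objectGUID the same way ldifde prints it, cross-checks that value against export.txt when the file is present, performs the permanent delete and the Set-MsolUser hard match with checks around them, then runs the delta sync and verifies that exactly one cloud user carries the ImmutableId afterwards.

```powershell
<#
  Added example (not from the original post): hard-match one on-premises AD user
  to an existing cloud Office 365 user, with checks around each manual step.
  Assumptions, all hypothetical: run elevated on the Azure AD Connect server
  (PowerShell 5+), ActiveDirectory + MSOnline + ADSync modules installed, the
  AD user is currently parked outside the sync scope and a delta sync has run,
  $SyncedOU is an OU that Azure AD Connect synchronizes, and $LdifExport (if it
  exists) is the ldifde export described in the post.
#>
param(
    [Parameter(Mandatory)][string]$Upn,
    [string]$SyncedOU   = 'OU=DirSynced OU,DC=contoso,DC=com',   # hypothetical DN
    [string]$LdifExport = '.\export.txt'                          # optional cross-check
)
Import-Module ActiveDirectory, MSOnline, ADSync -ErrorAction Stop

# ImmutableId = the objectGUID's 16 bytes, base64-encoded: exactly what ldifde
# prints after "objectGUID::" (a double colon marks a base64 value in LDIF).
function ConvertTo-ImmutableId([guid]$ObjectGuid) {
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}
function ConvertFrom-ImmutableId([string]$ImmutableId) {
    [guid]::new([Convert]::FromBase64String($ImmutableId))
}

# Pull the objectGUID out of the ldifde record whose userPrincipalName matches.
function Get-ImmutableIdFromLdif([string]$Path, [string]$UserPrincipalName) {
    $records = (Get-Content -Path $Path -Raw) -split '(?:\r?\n){2,}'
    foreach ($record in $records) {
        $hasUpn = $record -match "(?im)^userPrincipalName:\s*$([regex]::Escape($UserPrincipalName))\s*$"
        if ($hasUpn -and $record -match '(?im)^objectGUID::\s*(\S+)') { return $Matches[1] }
    }
}

# 1. objectGUID from AD, encoded and round-tripped so a mangled value is caught
#    before it is written to the cloud (a wrong ImmutableId yields yet another duplicate).
$adUser = Get-ADUser -Filter "userPrincipalName -eq '$Upn'"
if (-not $adUser) { throw "No on-premises user with UPN $Upn" }
$immutableId = ConvertTo-ImmutableId $adUser.ObjectGUID
if ((ConvertFrom-ImmutableId $immutableId) -ne $adUser.ObjectGUID) {
    throw 'base64/GUID round trip failed; refusing to continue'
}
if (Test-Path $LdifExport) {
    $fromLdif = Get-ImmutableIdFromLdif -Path $LdifExport -UserPrincipalName $Upn
    if ($fromLdif -and $fromLdif -cne $immutableId) { throw "export says $fromLdif, AD says $immutableId" }
}

Connect-MsolService   # interactive sign-in as an Office 365 admin

# 2. The post's "permanently delete": purge any soft-deleted object that still owns
#    this ImmutableId, otherwise the sync restores it instead of matching.
Get-MsolUser -ReturnDeletedUsers -All |
    Where-Object { $_.ImmutableId -ceq $immutableId } |
    ForEach-Object { Remove-MsolUser -ObjectId $_.ObjectId -RemoveFromRecycleBin -Force }

# 3. No live user other than the target may carry the ImmutableId.
$clash = Get-MsolUser -All | Where-Object { $_.ImmutableId -ceq $immutableId -and $_.UserPrincipalName -ne $Upn }
if ($clash) { throw "ImmutableId already belongs to $($clash.UserPrincipalName); resolve that first" }

# 4. The hard match itself, verified by reading the value back.
$cloudUser = Get-MsolUser -UserPrincipalName $Upn -ErrorAction Stop
if ($cloudUser.ImmutableId -and $cloudUser.ImmutableId -cne $immutableId) {
    throw "Cloud user is already matched to a different AD object ($($cloudUser.ImmutableId))"
}
Set-MsolUser -UserPrincipalName $Upn -ImmutableId $immutableId -ErrorAction Stop
if ((Get-MsolUser -UserPrincipalName $Upn).ImmutableId -cne $immutableId) { throw 'ImmutableId was not applied' }

# 5. Bring the AD object back into scope and run the delta sync, waiting for it to finish.
Move-ADObject -Identity $adUser.DistinguishedName -TargetPath $SyncedOU
$cycle = Start-ADSyncSyncCycle -PolicyType Delta
if ($cycle.Result -ne 'Success') { throw "Delta sync did not start: $($cycle.Result)" }
do { Start-Sleep -Seconds 15 } while ((Get-ADSyncScheduler).SyncCycleInProgress)

# 6. Proof of a hard match: exactly one live cloud user owns the ImmutableId, and it
#    is the one we targeted; anything else means the sync created a new object.
$matched = @(Get-MsolUser -All | Where-Object { $_.ImmutableId -ceq $immutableId })
if ($matched.Count -ne 1 -or $matched[0].UserPrincipalName -ne $Upn) {
    throw 'Sync did not match the existing user; inspect it in Synchronization Service Manager'
}
[pscustomobject]@{ UPN = $Upn; ImmutableId = $immutableId; LastDirSyncTime = $matched[0].LastDirSyncTime }
```

Save it under a name of your choice (for instance HardMatch-User.ps1, a hypothetical name) and run it as .\HardMatch-User.ps1 -Upn user@contoso.com. The ImmutableId comparisons use -ceq because base64 is case-sensitive, and the recycle-bin purge is keyed on ImmutableId rather than UPN because the synced duplicate usually received a different UPN when it was created. The MSOnline module is deprecated; with the Microsoft Graph PowerShell SDK the matching step becomes Update-MgUser -UserId $Upn -OnPremisesImmutableId $immutableId, and the read-back check uses the OnPremisesImmutableId property from Get-MgUser.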


