This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 49%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
User account was deleted from onprem AD few days ago , and today we restored the user in AD and restored the mailbox from O365 admin console , yet the user is still showing sync status as cloud not as Synced
I deleted the user few days back and recreated from deleted items however
i found a way to do hard match is run the below command on your Sync Server.
$credential = Get-Credential
Connect-MsolService -Credential $credential
$ADUser = "username"
$O365User = "username@keyman "
$guid =(Get-ADUser $ADUser).Objectguid
$immutableID=[system.convert]::ToBase64String($guid.tobytearray())
Set-MsolUser -UserPrincipalName $O365User -ImmutableId $immutableID
Start-ADSyncSyncCycle -PolicyType Delta
I see the immutableID is the same for AD user object and O365 object? please help
yet the user is still showing sync status as cloud not as Synced
Could you provide detailed information about this one?
Could you see this mailbox with Get-RemoteMailbox in EMS? What is the RemoteRecipientType for this mailbox?
Any update about this thread now?
It's fixed ty
If it is convenient, I would suggest you share the solution here, it will be useful for other users to solve similar problems.
In hybrid environment, User account when moved from syncing OU to non-syncing OU, an Office 365 account will be deleted along with an Office 365 mailbox (Soft-delete).
It is recommended to move the user account back into Syncing OU from on premise, in order to restore the Office 365 account and a mailbox.
As long as the user account is moved back to syncing OU within 30 days, Office 365 mailbox along with the soft-deleted mailbox will be restored without taking any further actions from Office 365.
In case, after moving the user account into non-syncing OU, you restore the account from Office 365 the user account will now become a cloud only and will no be syncing from on premise.
To workaround this situation, we did the below steps:
$credential = Get-Credential
Connect-MsolService -Credential $credential
$ADUser = "username"
$O365User = "username@keyman "
$guid =(Get-ADUser $ADUser).Objectguid
$immutableID=[system.convert]::ToBase64String($guid.tobytearray())
Set-MsolUser -UserPrincipalName $O365User -ImmutableId $immutableID
Start-ADSyncSyncCycle -PolicyType Delta
This process is nothing but a hard-match.
In case object ID and the immutable ID is same for both the accounts (On premise and cloud account), you can just trigger a sync by making changes in few other user attributes which will help the end user account to be syncing from on premise again.
In case, you create a new user account in on premise, and want to match this with one of the cloud only account, in that case, you can perform, soft-match followed by hard match
Soft match- Through soft matching, an on-premises Active Directory user object is matched to an Azure AD user object, when:
The userPrincipalName attributes match
The userPrincipalName attribute for the on-premises user object matches with the e-mail address denoted with SMTP: in the proxyAddresses attribute of the Azure AD user object
The primary SMTP address (denoted with SMTP: in the proxyAddresses attribute) matches the userPrincipalName of the Azure AD user object
The process to hard match the accounts is mentioned.
I help you change this comment to an answer.