question

GaetanWalraet-7258 avatar image
0 Votes"
GaetanWalraet-7258 asked ·

Azure AD Connect - procedure to change source of anchor from ObjectSID to Ms-DS-ConsistencyGUID

Hello,

We are an organization of + 1000 users with ADs (domain and subdomains) linked to Azure AD via Azure Ad Connect.

Currently the anchor source is Object*SID*, UPN = mail and Hybrid Exchange.

We would like to change it to MS-DS-ConsistencyGUID in order to be able to move objects easily between ADs without impacting the Azure AD accounts.

We have found documentation about changing the anchor source for ObjectGUID attributes to MS-DS-ConsistencyGUID but not much for attributes other than ObjectGUID.

I have read and tested several ideas but nothing is 100% risk free.

For you, what is the best procedure to change this anchor source without loss of connection/identification for the end user (on Office 365 for example)?

azure-ad-connect
· 2
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I'm reaching within the product team and will come back to you.

1 Vote 1 ·

Hi @Alfredo ,

Any news?

Thanks for your feedback.

0 Votes 0 ·
ZollnerD avatar image
0 Votes"
ZollnerD answered ·

It isn't possible to change the sourceAnchor designation without reinstalling AAD Connect, except when doing the predefined path of Object*GUID* to mS-DS-ConsistencyGUID.

To accomplish this with zero risk, it won't be a simple task, unfortunately. As Alfredo said, your best bet here is to open a support case via portal.azure.com and someone can walk through the options with you.

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GaetanWalraet-7258 avatar image
0 Votes"
GaetanWalraet-7258 answered ·
· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

alfredorevilla-msft avatar image
1 Vote"
alfredorevilla-msft answered ·

@GaetanWalraet-7258 to better address your scenario please create a support request.


· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GaetanWalraet-7258 avatar image
0 Votes"
GaetanWalraet-7258 answered ·

Thank you for your answers.
Indeed, it is not possible to change the source without reinstalling the Azure Ad connect on another server.
I therefore opted for another solution to migrate my users by changing the immutable IDs by scripting.

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.