-
Title
Questions around the Azure AD Connector and immutableID (FAQ) -
Description
Questions around the Azure AD Connector and immutableID:
Can the immutableID be set by an initial template?
In case the immutableID is set, which kind of Azure AD identity is created?Can the immutableID be set during the creation of an account without synchronizing the information of a local AD object and just sync the Azure AD environment by a simple synchronization project? -
Resolution
Can the immutableID be set by an initial template?
Yes. This property points to the local AD account. Anywhere in the config of Azure AD Connect you can define with a property it matches, default: base64 coded ObjectGUID. So if the ObjectGUID of the local account is known you could write this value to the immutableID in the Azure AD account.
In case the immutableID is set, which kind of Azure AD identity is created?
Until the next Azure AD sync it's a "cloud account" only. The next Azure AD sync will notice that the cloud account is already connected to a local account and will change the type of the cloud user.
Can the immutableID be set during the creation of an account without synchronizing the information of a local AD object and just sync the Azure AD environment by a simple synchronization project?
Yes, you don't need to sync the local domain. All that you need to know is the ObjectGUID of the local account.