How to check the Immutable ID/Source Anchor

This article expains how to check which attribute is used as the source anchor for the synchronization between Active Directory and Azure Active Directory.

PowerShell

0 – Install necessary PowerShell Modules, if needed.

Install-Module MSOnline
Import-Module MSOnline

1 – Get User Immutable ID from Azure.

Connect-MSOLService
Get-MsolUser -UserPrincipalName user@domain.tld | select ImmutableID

2 – Convert to GUID Format

[GUID][system.convert]::FromBase64String("User ImmutableID")

3 – Check against AD and check which one is corresponding

$User = Get-ADUser -Identity username -Properties mS-DS-ConsistencyGUID
[GUID]$User.'mS-DS-ConsistencyGUID'
$User.ObjectGUID

Azure AD Connect

1 – Go to Azure AD connect server and open Azure AD Connect

AzureADConnect-Anchor-Step1

2 – Click on Configure

AzureADConnect-Anchor-Step2

3 – Click on View current configuration then Next

AzureADConnect-Anchor-Step3

4 – In the Synchronization Settings, look for Source Anchor

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.