Created
February 7, 2018 17:20
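# Repair a duplicated cloud account: delete the stale cloud object that carries
# the old UPN, then write the on-premises AD user's ObjectGuid (Base64-encoded)
# as the ImmutableID of the cloud account that carries the new UPN.
# Uses cmdlets from the MSOnline, ActiveDirectory and ADSync modules.
# NOTE(review): Microsoft has deprecated the MSOnline module in favour of
# Microsoft Graph PowerShell -- confirm these cmdlets are still usable in your tenant.

# Set the user to fix; this should match the duplicate that was sent from local AD.
$sam = "user1"
$old = "$sam@olddomain.com"
$new = "$sam@newdomain.com"

# Resolve the local AD GUID BEFORE anything is deleted. The removal below is
# permanent, so a typo in $sam should stop the run here, not after the delete.
# (-ErrorAction Stop aborts the run only when this is executed as a script;
# pasted line by line, check each result yourself before continuing.)
$guid = (Get-ADUser $sam -ErrorAction Stop).ObjectGuid
# Convert it to an ImmutableID (Base64 of the GUID's byte array).
$immutableID = [System.Convert]::ToBase64String($guid.ToByteArray())

# Show the users, and stop if either UPN does not resolve: review this output
# to confirm $old really is the duplicate before it is removed.
Get-MsolUser -UserPrincipalName $old -ErrorAction Stop
Get-MsolUser -UserPrincipalName $new -ErrorAction Stop

# Remove the old user (soft delete)...
Remove-MSOLuser -UserPrincipalName $old -Force -ErrorAction Stop
# ...then purge it from the recycle bin. This step cannot be undone, and -Force
# suppresses the confirmation prompt.
Remove-MSOLuser -UserPrincipalName $old -RemoveFromRecycleBin -Force -ErrorAction Stop

# Set the proper ImmutableID for the cloud AD account.
Set-MSOLuser -UserPrincipalName $new -ImmutableID $immutableID -ErrorAction Stop

# Show users again.
Get-MsolUser -UserPrincipalName $old # this should fail
Get-MsolUser -UserPrincipalName $new

# Don't forget to sync AD.
Start-ADSyncSyncCycle -PolicyType Delta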
# Optional: look at the AD sync scheduler in more detail.
# The first command turns the scheduled sync cycle on (pass $false to turn it
# off), the second requests a delta sync, and Get-ADSyncScheduler prints the
# scheduler's current settings.
Set-ADSyncScheduler -SyncCycleEnabled:$true
Start-ADSyncSyncCycle -PolicyType 'Delta'
Get-ADSyncScheduler
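# Reset user passwords in local AD and push the change to O365 with a delta sync.
# Each new password is prompted for as a SecureString instead of being written
# into the script as a literal: a password embedded in the file is exposed to
# anyone who can read the file, its version history or a published copy, and
# can also be captured by command history and script-block/transcript logging.
# NOTE(review): the push to O365 presumably relies on password hash
# synchronization being enabled -- confirm for your environment.
foreach ($account in 'user1', 'user2') {
    $newPassword = Read-Host -AsSecureString -Prompt "New password for $account"
    Set-ADAccountPassword $account -Reset -NewPassword $newPassword
}
Start-ADSyncSyncCycle -PolicyType Delta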