Office 365 - Immutable id behaviour clarification

Question

Hi in my test environment, i installed AADSync with "title" attribute as sourceAnchor attribute. (Just to test / understand behaviour)

Then i created two users with same title, say, "mytitle" and then started directory sync. At the end only first user got created in Azure AD.

Then i changed the second user title value to "mytitlechanged" and then started directory sync. At the end second user also got created in Azure AD.

Fine with above things,

but when i again changed back the second user title value to "mytitle", and then started directory sync. At the end second user in Azure AD still has the value "mytitlechanged" with Status as "Synced with Active Directory". Not able to understand why this happened. Kindly educate me. Thanks in Advance.

Praveen Kumar Praveen Kumar · Accepted Answer · 2015-05-13T09:51:36

Found reason:

When an object has been exported to Azure AD then it is not allowed to change the sourceAnchor anymore. When the object has been exported the metaverse attribute cloudSourceAnchor is set with the sourceAnchor value accepted by Azure AD. If sourceAnchor is changed and not match cloudSourceAnchor, the rule Out to AAD – User Join will throw the error sourceAnchor attribute has changed.

Reference: https://msdn.microsoft.com/en-us/library/azure/dn783470.aspx

Office 365 - Immutable id behaviour clarification

1 Answers