We have an on-premises Active Directory that syncs with our Azure Active Directory. Groups are made in the on-premises AD, and when I look at the objectGUID in the Attribute Editor tab I see one value, but when I try to use that value in the Azure Graph API to get a group (after the sync has occurred) I get this:

{
    "odata.error": {
        "code": "Request_ResourceNotFound",
        "message": {
            "lang": "en",
            "value": "Resource '26b4c97f-68ad-4f8e-95d8-58ab4b8377e2' does not exist or one of its queried reference-property objects are not present."
        }
    }
}

Is there a way to make the on-premises GUID the same as the Azure objectId during sync? Or are these two fields not related?

1 Answer

The two are unrelated, and the Azure AD ObjectId is immutable.

If you're looking for an identifier to link your on-premises AD user object to the Azure AD user object, you should take a look at Azure AD's ImmutableID. By default, it is the Base64-encoding of the on-prem object's objectGUID.

More details: http://blogs.perficient.com/microsoft/2015/04/office-365-why-you-need-to-understand-immutableid/
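As an added illustration of the default mapping the answer describes (this is not code from the answer or the linked post): the ImmutableID is the Base64 of the objectGUID's 16 raw bytes in the byte order AD and .NET store them (which is what Python's `uuid.UUID.bytes_le` yields), not of the GUID text and not of the big-endian bytes. The GUID is the one from the question; the function names and the reverse-mapping helper are my own assumptions for the example.

```python
import base64
import uuid

# objectGUID from the question, reused here as sample input
OBJECT_GUID = "26b4c97f-68ad-4f8e-95d8-58ab4b8377e2"


def immutable_id_from_object_guid(guid_text: str) -> str:
    """Default Azure AD Connect anchor: Base64 of the objectGUID's 16 raw bytes
    in the mixed-endian order AD/.NET use (uuid.bytes_le). Encoding the text
    form, or the big-endian bytes, is a common mistake and yields a value that
    matches nothing in the cloud directory."""
    return base64.b64encode(uuid.UUID(guid_text).bytes_le).decode("ascii")


def object_guid_from_immutable_id(immutable_id: str) -> str:
    """Reverse mapping: decode the ImmutableID and reinterpret the 16 bytes as
    a GUID, so a cloud object can be traced back to its on-premises object."""
    raw = base64.b64decode(immutable_id, validate=True)
    if len(raw) != 16:
        raise ValueError(f"ImmutableID decodes to {len(raw)} bytes, expected 16")
    return str(uuid.UUID(bytes_le=raw))


def looks_like_objectguid_anchor(immutable_id: str) -> bool:
    """True when the value is well-formed Base64 of exactly 16 bytes, i.e. a
    GUID-based anchor; tenants with a non-GUID custom source anchor will
    store something else, so treat False as 'inspect', not 'broken'."""
    try:
        return len(base64.b64decode(immutable_id, validate=True)) == 16
    except (ValueError, TypeError):  # binascii.Error subclasses ValueError
        return False


if __name__ == "__main__":
    anchor = immutable_id_from_object_guid(OBJECT_GUID)
    print("objectGUID :", OBJECT_GUID)
    print("ImmutableID:", anchor)
    # The two naive encodings differ from the real anchor, which is why
    # lookups that "look right" still come back as not found.
    print("b64 of GUID text :", base64.b64encode(OBJECT_GUID.encode()).decode())
    print("b64 of big-endian:", base64.b64encode(uuid.UUID(OBJECT_GUID).bytes).decode())
    assert object_guid_from_immutable_id(anchor) == OBJECT_GUID
```

A 24-character value ending in `==` is the fingerprint of a GUID-based anchor; if the value you compute does not match what the cloud object carries, the usual causes are encoding the GUID string instead of its bytes, or the object simply never having synced.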