Sometimes you cannot resolve a conflict between an on-premises user and an existing Azure AD user, for example because the cloud object was previously synced from another account or another domain.
To reset the ImmutableId, run the following in PowerShell:
- Connect-AzureAD
- Get-AzureADUser -SearchString "FIRST_NAME_HERE"
- Make a note of the ObjectId
- Set-AzureADUser -ObjectId OBJ_ID_HERE -ImmutableId "$null"
After this, run the sync again.
If you want to force the ImmutableId of a local AD user onto a user in Azure AD, follow these steps:
- ldifde -f c:\gcs\export.txt -r "(userprincipalname=EMAIL_ADDRESS_HERE*)" -l "objectGuid, userprincipalname"
- notepad c:\gcs\export.txt
- Make a note of the objectGUID value from the export
- Open PowerShell
- Connect-MsolService
- Set-MsolUser -UserPrincipalName EMAIL_ADDRESS_HERE -ImmutableId GUID_HERE
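A pre-flight check for the second procedure, added here and not part of the original note: it computes the ImmutableId that the on-premises objectGUID should produce and compares it with what Azure AD currently holds, so you can see whether the cloud user is unanchored, already matched, or anchored to a different object before overwriting anything. It assumes the ActiveDirectory and MSOnline modules are installed, that Connect-MsolService has already been run, and a hypothetical -Upn parameter.

```powershell
# Added example (not from the original note): compare a user's on-premises
# objectGUID with the ImmutableId stored in Azure AD before forcing anything.
# Assumes the ActiveDirectory and MSOnline modules are installed and that
# Connect-MsolService has already been run. -Upn is a hypothetical parameter.
param(
    [Parameter(Mandatory = $true)]
    [string]$Upn
)

# ImmutableId is the base64 encoding of the objectGUID's 16 raw bytes
# (the same value ldifde writes on an "objectGUID::" line, where "::"
# marks base64), not the hyphenated GUID string.
function ConvertTo-ImmutableId {
    param([Parameter(Mandatory = $true)][guid]$ObjectGuid)
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

# Reverse direction: turn a cloud ImmutableId back into the GUID it encodes,
# so a mismatch can be traced to whichever on-premises object it points at.
function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory = $true)][string]$ImmutableId)
    [guid]::new([Convert]::FromBase64String($ImmutableId))
}

$adUser = Get-ADUser -Filter "userPrincipalName -eq '$Upn'" -Properties objectGUID
if (-not $adUser) { throw "No on-premises user with UPN $Upn" }
$expected = ConvertTo-ImmutableId -ObjectGuid $adUser.ObjectGUID

$cloudUser = Get-MsolUser -UserPrincipalName $Upn -ErrorAction Stop
$actual = $cloudUser.ImmutableId

Write-Host "On-prem objectGUID  : $($adUser.ObjectGUID)"
Write-Host "Expected ImmutableId: $expected"
Write-Host "Cloud ImmutableId   : $actual"

if ([string]::IsNullOrEmpty($actual)) {
    Write-Host "Cloud user has no ImmutableId (cloud-only); safe to set it to $expected"
} elseif ($actual -eq $expected) {
    Write-Host "Match: the cloud user is already anchored to this on-premises account"
} else {
    $other = ConvertFrom-ImmutableId -ImmutableId $actual
    Write-Warning "Mismatch: cloud user is anchored to objectGUID $other; review before overwriting"
}
```

Run it as a script with the user's UPN (e.g. .\Check-ImmutableId.ps1 -Upn user@example.com, a constructed value) and only apply Set-MsolUser once the output explains why the anchors differ.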