{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 够拽才男人 的问题《On premise Active Directory ObjectId is different》','https://www.manongdao.com/q-855869.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
We have an on premise active directory that syncs with our azure active directory. Groups are made in the on premise AD and when I look at the objectGUID in the Attribute Editor tab I see one value but when I try to use that value in the Azure Graph API to get a group (after the sync has occurred) I get this
{
"odata.error": {
"code": "Request_ResourceNotFound",
"message": {
"lang": "en",
"value": "Resource '26b4c97f-68ad-4f8e-95d8-58ab4b8377e2' does not exist or one of its queried reference-property objects are not present."
}
}
}
Is there a way to make the on premise guid the same as the azure objectId during sync? Or are these two fields not related?
The two are unrelated, and the Azure AD ObjectId is immutable.
If you're looking for an identifier to link your on-premises AD user object to the Azure AD user object, you should take a look at the Azure AD's ImmutableID. By default, it is the Base64-encoding of the on-prem object's objectGUID.
More details: http://blogs.perficient.com/microsoft/2015/04/office-365-why-you-need-to-understand-immutableid/