

The following command gets on-premises Azure AD users and exports a list of their objectGUID values and ImmutableID values already calculated to a CSV file. ::ToBase64String(($objectGUID).ToByteArray())īefore you move to Azure AD Connect, it's critical to validate that the ImmutableID values in Azure AD match their on-premises values. To test an individual value, use these commands: Get-MgUser onpremupn | fl objectguid Manually confirm the conversion from objectGUID to Base64 on-premises. The following example is the default of converting the objectGUID into the ImmutableID. In the authentication window, enter Global Administrator credentials. If you have the module, a warning might appear to update to the latest version. Install-Module AzureAD in an administrative session before you run the following commands: Import-module AzureAD If you've never used the Microsoft Graph PowerShell module, run You can connect to Microsoft Graph PowerShell and examine the current ImmutableID value. By default, it then stamps that string to the ImmutableID field in Azure AD. Okta takes the Active Directory objectGUID of an on-premises object and converts it to a Base64-encoded string. The ImmutableID attribute ties synchronized objects to their on-premises counterparts. Before you continue with installation, see Prerequisites for Azure AD Connect.Ĭonfirm ImmutableID attribute synchronized by Okta

Take all prerequisites into consideration when you install Azure AD Connect or Azure AD cloud provisioning.
