This article covers automating the fix for a common DirSync/AADConnect issue: a duplicate cloud account. The duplicate error, which should look something like the one below, means the local AD account and the cloud account did not merge because of an ImmutableID mismatch. The script updates the cloud ImmutableID to match the local account so that the two accounts merge.

[Screenshot: 20160128 - DirSyncError-bhazeley]

Download Script Here


.\UpdateImmutableID -UPN


Script in Action:


Breakdown of script below:

#Update Immutable ID
#Hannel Hazeley
#Version 1.5

#UPN of the account to fix, passed as -UPN on the command line
Param([Parameter(Mandatory = $true)][string]$UPN)

$ErrorActionPreference = "SilentlyContinue"

Function ConnectAndUpdate {
    Write-Host -ForegroundColor Yellow "Connecting to Office 365........"

    #Connect to MSOL Environment (up to two credential attempts)
    $count = 0
    Do {
        $cred = Get-Credential -Message "Please enter a Global Admin credential for your Office 365 Environment."
        Connect-MsolService -Credential $cred
        $MSOLValidation = (Get-MsolCompanyInformation).DisplayName
        $count = $count + 1
    }
    Until ($MSOLValidation -ne $null -or $count -ge 2)

    #Rollback if connection fails
    #(tests the validation result, so a successful second attempt is not rejected)
    If ($MSOLValidation -eq $null) {
        Write-Host -ForegroundColor Red "Invalid Office 365 Credential supplied"
        Return
    }

    #Convert GUID to ImmutableID
    $ImmutableID = [System.Convert]::ToBase64String($GUID.ToByteArray())

    #Update ImmutableID to Office 365
    Set-MsolUser -UserPrincipalName $upn -ImmutableId $ImmutableID
    Write-Host -ForegroundColor Green "ImmutableID update in Office 365"
    Write-Host -ForegroundColor Cyan "Please wait for sync for change to update to Office 365 or force a sync"
}

#Get and Validate user's GUID
$GUID = (Get-ADUser -Filter {UserPrincipalName -eq $upn}).ObjectGUID
if ($GUID -eq $null) {
    Write-Host -ForegroundColor Red "UPN Doesn't exist in AD"
}
else {
    #Only connect to Office 365 and update once the AD account has been found
    ConnectAndUpdate
}
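
A dry-run check that can precede the update, as an added example that is not part of the original script: it performs the same GUID-to-Base64 conversion, decodes the value currently held in the cloud, and reports whether the two already match. The function names and sample GUIDs are constructed for illustration; in practice the inputs would come from `Get-ADUser` and the cloud account's ImmutableId.

```powershell
# Added example: offline comparison of an AD ObjectGUID with a cloud ImmutableID.
# Function names are hypothetical; sample values are constructed.

function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][Guid]$ObjectGuid)
    # Same conversion as the script: Base64 of the GUID's 16 bytes
    [System.Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    param([string]$ImmutableId)
    # Returns $null when the value is empty or is not a Base64-encoded 16-byte GUID
    if ([string]::IsNullOrWhiteSpace($ImmutableId)) { return $null }
    try { [byte[]]$bytes = [System.Convert]::FromBase64String($ImmutableId) }
    catch { return $null }
    if ($bytes.Length -ne 16) { return $null }
    [Guid]$bytes
}

function Compare-ImmutableId {
    param(
        [Parameter(Mandatory)][Guid]$ObjectGuid,  # local AD ObjectGUID
        [string]$CloudImmutableId                  # value currently on the cloud account
    )
    $cloudGuid = ConvertFrom-ImmutableId -ImmutableId $CloudImmutableId
    if ([string]::IsNullOrWhiteSpace($CloudImmutableId)) { $state = 'CloudValueEmpty' }
    elseif ($null -eq $cloudGuid) { $state = 'CloudValueNotAGuid' }
    elseif ($cloudGuid -eq $ObjectGuid) { $state = 'Match' }
    else { $state = 'Mismatch' }

    [pscustomobject]@{
        State               = $state
        ExpectedImmutableId = ConvertTo-ImmutableId -ObjectGuid $ObjectGuid
        CurrentImmutableId  = $CloudImmutableId   # record the old value before changing it
        CurrentAsGuid       = $cloudGuid
    }
}

# Constructed sample values (not from a real directory or tenant)
$adGuid    = [Guid]'11111111-2222-3333-4444-555555555555'
$otherGuid = [Guid]'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'
$samples   = @(
    (ConvertTo-ImmutableId -ObjectGuid $adGuid),     # already matches
    (ConvertTo-ImmutableId -ObjectGuid $otherGuid),  # points at a different GUID
    '',                                              # no ImmutableID set
    'not-base64!'                                    # malformed value
)
foreach ($s in $samples) {
    Compare-ImmutableId -ObjectGuid $adGuid -CloudImmutableId $s
}
```

A `Mismatch` result is the case the script corrects; logging `CurrentImmutableId` first preserves the previous value in case the change has to be reverted.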