How to hard-match an on-prem AD user to an existing cloud-only Azure AD user (ImmutableId = Base64 of the AD objectGUID)
- Move the user to an OU that is not in scope for Azure AD Connect and run a sync cycle (Start-ADSyncSyncCycle -PolicyType Delta on the AAD Connect server) so the deletion is exported; then go to Azure AD and permanently delete that user object. The cloud account you want to keep must still exist as a cloud-only user, otherwise there is nothing left to set the ImmutableId on.
- Install-Module MSOnline
- Import-Module ADSync
- Connect-MsolService -Credential $credential
- [System.Convert]::ToBase64String((Get-ADUser dfcoughlin).ObjectGUID.ToByteArray())
- Set-MsolUser -UserPrincipalName user@abc.com -ImmutableId <INSERT B64 ID HERE>
- Move the AD user back to the synced OU and run another delta sync; AAD Connect now matches the on-prem object to the cloud user by ImmutableId instead of creating a duplicate.
Other way to get the GUID:
- Get-ADUser -Identity "<username>"
- Convert the GUID to Base64:
- $guid = "3ab39606-c642-489b-84b6-58c038d3ef39"
- $base64 = [System.Convert]::ToBase64String(([GUID]$guid).ToByteArray())
- $base64
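The whole hard-match procedure above as one script, with a pre-check that the cloud account is really cloud-only before its ImmutableId is overwritten. This is an added example, not part of the original notes; $OnPremSam, $CloudUpn and the function names are placeholders, and it assumes the ActiveDirectory (RSAT), MSOnline and ADSync modules are installed on the box it runs on.

```powershell
# Added example (not from the original notes): hard-match an on-prem AD user to an
# existing cloud-only Azure AD user by setting ImmutableId = Base64(objectGUID).
# $OnPremSam / $CloudUpn are placeholders for the two accounts being matched.
param(
    [Parameter(Mandatory)] [string]$OnPremSam,   # e.g. 'dfcoughlin'
    [Parameter(Mandatory)] [string]$CloudUpn     # e.g. 'user@abc.com'
)

Import-Module ActiveDirectory
Import-Module MSOnline

function ConvertTo-ImmutableId {
    # objectGUID -> Base64 string, the value AAD Connect writes as the sourceAnchor
    param([Parameter(Mandatory)][guid]$Guid)
    [Convert]::ToBase64String($Guid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    # Base64 ImmutableId -> GUID, to see which on-prem object a cloud user is anchored to.
    # Returns $null when the value is not a GUID-derived anchor (e.g. a random string).
    param([Parameter(Mandatory)][string]$ImmutableId)
    try {
        $bytes = [Convert]::FromBase64String($ImmutableId)
        if ($bytes.Length -ne 16) { return $null }
        return [guid]::new($bytes)
    } catch { return $null }
}

Connect-MsolService   # prompts for credentials; pass -Credential $credential to script it

$adUser = Get-ADUser -Identity $OnPremSam -Properties ObjectGUID
$wantId = ConvertTo-ImmutableId -Guid $adUser.ObjectGUID

$cloud = Get-MsolUser -UserPrincipalName $CloudUpn   # throws if the UPN does not exist
if ($cloud.ImmutableId) {
    $current = ConvertFrom-ImmutableId -ImmutableId $cloud.ImmutableId
    if ($current -eq $adUser.ObjectGUID) {
        Write-Host "$CloudUpn is already matched to $OnPremSam ($wantId); nothing to do."
        return
    }
    # Anchored to something else: this is a synced object, not a cloud-only one.
    # Overwriting the anchor here would re-point an existing sync link; stop and unlink first.
    throw "$CloudUpn already has ImmutableId '$($cloud.ImmutableId)' (objectGUID $current); unlink it before hard-matching."
}

Write-Host "Setting ImmutableId on $CloudUpn to $wantId (objectGUID $($adUser.ObjectGUID))"
Set-MsolUser -UserPrincipalName $CloudUpn -ImmutableId $wantId

# Once the AD user is back in a synced OU, push a delta sync from the AAD Connect server.
Import-Module ADSync
Start-ADSyncSyncCycle -PolicyType Delta
```

ConvertFrom-ImmutableId is the check worth keeping around on its own: decoding the ImmutableId of a cloud user and comparing it with Get-ADUser's ObjectGUID tells you immediately whether a "duplicate" user is a matching problem or a genuinely different object.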
How to unlink a cloud Azure AD account from its corresponding on-prem user (fixes DeletingCloudOnlyObjectNotAllowed)
Take the on-prem user out of the sync scope first, or the next sync cycle re-links (or tries to delete) the object. The UPN is parked on the onmicrosoft.com domain for the duration because Azure AD refuses an ImmutableId change while the UPN is on a federated domain.
# Change UPN to "onmicrosoft"
Set-MsolUserPrincipalName -UserPrincipalName user@domain.com -NewUserPrincipalName user@yourcompany.onmicrosoft.com
# Set a new random ImmutableId (the value below is a placeholder; use a fresh value that no on-prem objectGUID can produce)
Set-MsolUser -UserPrincipalName user@yourcompany.onmicrosoft.com -ImmutableId "Z/-XGv2W4kWPM1mR/ddSdn!)"
# Change it back to the original UPN
Set-MsolUserPrincipalName -UserPrincipalName user@yourcompany.onmicrosoft.com -NewUserPrincipalName user@domain.com
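The unlink sequence as a script that records the old anchor, uses a properly formed random ImmutableId (Base64 of a freshly generated GUID) and verifies the change took. This is an added example, not part of the original notes; $Upn and $TenantName are placeholders, and it assumes the MSOnline module and a Global Admin credential.

```powershell
# Added example (not from the original notes): break the sync link of a cloud user by
# replacing its ImmutableId with a random anchor. $Upn and $TenantName are placeholders.
param(
    [Parameter(Mandatory)] [string]$Upn,         # e.g. 'user@domain.com'
    [Parameter(Mandatory)] [string]$TenantName   # e.g. 'yourcompany' (the *.onmicrosoft.com prefix)
)

Import-Module MSOnline
Connect-MsolService

$tempUpn = ($Upn -split '@')[0] + "@$TenantName.onmicrosoft.com"

$before = Get-MsolUser -UserPrincipalName $Upn
Write-Host "Old ImmutableId for ${Upn}: $($before.ImmutableId)"   # keep this in case you need to re-match later

# 1. Park the UPN on the tenant's onmicrosoft.com domain; ImmutableId changes are refused
#    while the UPN sits on a federated custom domain.
Set-MsolUserPrincipalName -UserPrincipalName $Upn -NewUserPrincipalName $tempUpn

# 2. Replace the anchor with a random value. Base64 of a brand-new GUID is well formed and
#    cannot collide with any real objectGUID in the forest.
$newId = [Convert]::ToBase64String((New-Guid).ToByteArray())
Set-MsolUser -UserPrincipalName $tempUpn -ImmutableId $newId

# 3. Restore the original UPN.
Set-MsolUserPrincipalName -UserPrincipalName $tempUpn -NewUserPrincipalName $Upn

# 4. Verify: the account must now carry the new anchor and answer to its original UPN.
$after = Get-MsolUser -UserPrincipalName $Upn
if ($after.ImmutableId -ne $newId) {
    throw "ImmutableId on $Upn is '$($after.ImmutableId)', expected '$newId'"
}
Write-Host "$Upn unlinked; new ImmutableId $newId"
```

The on-prem object must already be outside the AAD Connect sync scope when this runs; if it is still in scope, the next delta sync finds a cloud object with the same UPN but a different anchor and raises a conflict instead of cleanly ignoring it.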