On premise Active Directory ObjectId is different than Azure Active Directory ObjectId

azure active-directory azure-active-directory azure-ad-graph-api

13,224

The two are unrelated, and the Azure AD ObjectId is immutable.

If you're looking for an identifier to link your on-premises AD user object to the Azure AD user object, you should take a look at the Azure AD's ImmutableID. By default, it is the Base64-encoding of the on-prem object's objectGUID.

More details: http://blogs.perficient.com/microsoft/2015/04/office-365-why-you-need-to-understand-immutableid/

13,224

Author by

Ju66ernaut

Naturally and artificially flavored

Updated on June 04, 2022

Comments

Ju66ernaut almost 2 years
We have an on premise active directory that syncs with our azure active directory. Groups are made in the on premise AD and when I look at the objectGUID in the Attribute Editor tab I see one value but when I try to use that value in the Azure Graph API to get a group (after the sync has occurred) I get this
```
{
"odata.error": {
    "code": "Request_ResourceNotFound",
    "message": {
        "lang": "en",
        "value": "Resource '26b4c97f-68ad-4f8e-95d8-58ab4b8377e2' does not exist or one of its queried reference-property objects are not present."
    }
  }
}
```
Is there a way to make the on premise guid the same as the azure objectId during sync? Or are these two fields not related?
Dan Kershaw - MSFT over 8 years

Please see msdn.microsoft.com/Library/Azure/Ad/Graph/api/… for a description of the User entity and the immutableId property that Philippe describes above.