Merge AD User with Azure Cloud User

In this scenario you have a cloud user named john.doe@navnet.onmicrosoft.com and you also have an Active Directory user john.doe@navigatornetworks.com sync from on-prem. The goal you are trying to achieve is to merge the 2 accounts together.

There are various scenarios why you would want to merge these accounts, but you should do your own research if this is the correct method for you.

Here are the basic step needed to complete this.

Please note that in a production environment you may not be able to move the user from 1 OU to another. The main idea here is that the AD user attribute (objectID) is linked to the Azure user (ImmutableID) which is then linked back to the AD user attribute (mS-DS-ConsistencyGuid)

Option 1

AD user needs to be moved to an OU that is not synced to AAD
Remove user from Azure AD and permeant delete.
Run Delta Sync on AD Connect
Convert AD objectID to Base64String and apply to AAD ImmutableID
Convert ImmutableID to HEX and apply to AD mS-DS-ConsistencyGuid
Move User back to OU
Run Delta Sync.

Option 2

Set on-prem user ID to be first.last then add additional proxy addresses also in AD
In Azure copy the ImmutableId on the currently-synced AAD user
Permanently delete the synced AAD user
Add the ImmutableID to the desired 365 user account, did this via PowerShell.
Verify after next sync for errors.

Reference Material

Using the mS-DS-ConsistencyGuid attribute to fix sync issues to Office 365/AAD. – C4iocesar – Microsoft Solutions (wordpress.com)

Hybrid Identity: Getting Users Aligned - Microsoft Community Hub