{"id":15,"date":"2025-01-02T15:41:32","date_gmt":"2025-01-02T15:41:32","guid":{"rendered":"https:\/\/kb.luxenburger.nl\/?p=15"},"modified":"2025-08-27T14:40:14","modified_gmt":"2025-08-27T14:40:14","slug":"remove-imutableid-and-connect-to-a-new-onprem-account","status":"publish","type":"post","link":"https:\/\/kb.luxenburger.nl\/?p=15","title":{"rendered":"Remove ImmutableID and Reconnect to a New On-Prem Account"},"content":{"rendered":"\n\n\n<p>Skip to Step by step guide: <a href=\"#guide\">Click here!<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Introduction<\/h2>\n\n\n\n<p>In hybrid Azure AD\/Active Directory environments, cloud user accounts are linked to their on-prem counterparts through the <strong>ImmutableID<\/strong> attribute. This value uniquely binds an Azure AD user to its Active Directory object, ensuring synchronization via Entra Connect (formerly AAD Connect).<\/p>\n\n\n\n<p>However, situations may arise where you need to reconnect a cloud-only Azure AD account to a <strong>new on-premises AD account<\/strong>. 
This could happen after account cleanup, migration, or recreating a user in Active Directory.<\/p>\n\n\n\n<p>If the ImmutableID is not cleared, synchronization will fail because Azure AD still expects the old object.<\/p>\n\n\n\n<p>This guide explains:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>What ImmutableID is and why it matters<\/li>\n\n\n\n<li>How to remove it using the <strong>AzureAD PowerShell module<\/strong><\/li>\n\n\n\n<li>How to create a new on-prem account and link it back<\/li>\n\n\n\n<li>Best practices and troubleshooting tips<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">What Is ImmutableID?<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Definition<\/strong>: The <code>ImmutableID<\/code> attribute in Azure AD is a base64 representation of the on-prem <code>objectGUID<\/code>.<\/li>\n\n\n\n<li><strong>Purpose<\/strong>: It ensures a stable, unique link between Azure AD and Active Directory objects.<\/li>\n\n\n\n<li><strong>Problem<\/strong>: If the on-prem object is deleted or recreated, the <code>objectGUID<\/code> changes\u2014breaking the link.<\/li>\n<\/ul>\n\n\n\n<p>Clearing the <code>ImmutableID<\/code> allows Azure AD to accept a new on-prem user with the same <strong>User Principal Name (UPN)<\/strong> during the next synchronization cycle.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Don&#8217;t want to do it fully manually? <a href=\"#script\">Download the Script at the bottom of the post<\/a>. 
In case the script doesn\u2019t work, you can contact me at&nbsp;info@luxenburger.nl<br>This method will also allow you to delete a cloud user that is synced to the on-prem AD with a broken ADSync.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"guide\">Step-by-Step: Remove ImmutableID with AzureAD Module<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Install and Connect to AzureAD<\/h3>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><pre class=\"shiki dark-plus\" style=\"background-color: #1E1E1E\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #DCDCAA\">Install-Module<\/span><span style=\"color: #D4D4D4\"> AzureAD -Force<\/span><\/span>\n<span class=\"line\"><span style=\"color: #DCDCAA\">Connect-AzureAD<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>Sign in with an <strong>Azure AD Global Administrator<\/strong> account.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Check the Current ImmutableID<\/h3>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><pre class=\"shiki dark-plus\" style=\"background-color: #1E1E1E\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #DCDCAA\">Get-AzureADUser<\/span><span style=\"color: #D4D4D4\"> -ObjectId <\/span><span style=\"color: #CE9178\">&quot;user@example.com&quot;<\/span><span style=\"color: #D4D4D4\"> | <\/span><span style=\"color: #DCDCAA\">Select-Object<\/span><span style=\"color: #D4D4D4\"> DisplayName, UserPrincipalName, ImmutableId<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>This shows whether the user currently has an ImmutableID value set.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Clear the ImmutableID<\/h3>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><pre class=\"shiki dark-plus\" style=\"background-color: #1E1E1E\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #6A9955\"># Direct by UPN<\/span><\/span>\n<span class=\"line\"><span style=\"color: #DCDCAA\">Set-AzureADUser<\/span><span style=\"color: #D4D4D4\"> -ObjectId <\/span><span style=\"color: #CE9178\">&quot;user@example.com&quot;<\/span><span style=\"color: #D4D4D4\"> -ImmutableId <\/span><span style=\"color: #CE9178\">&quot;&quot;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #6A9955\"># Or resolve ObjectId first (recommended)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #9CDCFE\">$user<\/span><span style=\"color: #D4D4D4\"> = <\/span><span style=\"color: #DCDCAA\">Get-AzureADUser<\/span><span style=\"color: #D4D4D4\"> -Filter <\/span><span style=\"color: #CE9178\">&quot;userPrincipalName eq &#39;user@example.com&#39;&quot;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #DCDCAA\">Set-AzureADUser<\/span><span style=\"color: #D4D4D4\"> -ObjectId <\/span><span style=\"color: #9CDCFE\">$user<\/span><span style=\"color: #DCDCAA\">.ObjectId<\/span><span style=\"color: #D4D4D4\"> -ImmutableId <\/span><span style=\"color: #CE9178\">&quot;&quot;<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Step 4: Verify the ImmutableID Was Removed<\/h3>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><pre class=\"shiki dark-plus\" style=\"background-color: #1E1E1E\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #DCDCAA\">Get-AzureADUser<\/span><span style=\"color: #D4D4D4\"> -ObjectId <\/span><span style=\"color: #CE9178\">&quot;user@example.com&quot;<\/span><span style=\"color: #D4D4D4\"> | <\/span><span style=\"color: #DCDCAA\">Select-Object<\/span><span style=\"color: #D4D4D4\"> UserPrincipalName, ImmutableId<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>If successful, the <code>ImmutableId<\/code> field should now be <strong>blank<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 5: Create or Match the On-Prem AD User<\/h3>\n\n\n\n<p>The new AD account must have the <strong>same UPN<\/strong> as the Azure AD user. Example:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><pre class=\"shiki dark-plus\" style=\"background-color: #1E1E1E\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #DCDCAA\">New-ADUser<\/span><span style=\"color: #D4D4D4\"> -Name <\/span><span style=\"color: #CE9178\">&quot;John Doe&quot;<\/span><span style=\"color: #D4D4D4\"> -SamAccountName johndoe `<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">  -UserPrincipalName <\/span><span style=\"color: #CE9178\">&quot;user@example.com&quot;<\/span><span style=\"color: #D4D4D4\"> `<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">  -AccountPassword (<\/span><span style=\"color: #DCDCAA\">ConvertTo-SecureString<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #CE9178\">&quot;P@ssw0rd&quot;<\/span><span style=\"color: #D4D4D4\"> -AsPlainText -Force) `<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">  -Enabled <\/span><span style=\"color: #569CD6\">$true<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Step 6: Run a Synchronization Cycle<\/h3>\n\n\n\n<p>On the server running <strong>Entra Connect (AAD Connect)<\/strong>:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><pre class=\"shiki dark-plus\" style=\"background-color: #1E1E1E\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #DCDCAA\">Start-ADSyncSyncCycle<\/span><span style=\"color: #D4D4D4\"> -PolicyType Delta<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>For major changes, you may prefer:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><pre class=\"shiki dark-plus\" style=\"background-color: #1E1E1E\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #DCDCAA\">Start-ADSyncSyncCycle<\/span><span style=\"color: #D4D4D4\"> -PolicyType Initial<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>The next sync will re-link the Azure AD account to the on-prem user.<\/p>\n\n\n\n<details class=\"wp-block-details is-layout-flow wp-block-details-is-layout-flow\"><summary>Old Method Using MSOnline<\/summary>\n<p>Open PowerShell as an administrator.<\/p>\n\n\n\n<p>To 
start, we need to install the MSOnline module.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><code>Install-Module -Name MSOnline<\/code><\/p>\n<\/blockquote>\n\n\n\n<p>Connect to MSOnline using the following command.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><code>Connect-MsolService<\/code><\/p>\n<\/blockquote>\n\n\n\n<p>You will now be prompted to log in using the admin credentials of Azure.<\/p>\n\n\n\n<p>After logging in, you can check whether a user has an ImmutableID with the command below.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><code>Get-MsolUser -UserPrincipalName user@example.com | fl<\/code><\/p>\n<\/blockquote>\n\n\n\n<p>If you need to clear the ImmutableID, use the following command.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><code>Set-MsolUser -UserPrincipalName user@example.com -ImmutableId &quot;$null&quot;<\/code><\/p>\n<\/blockquote>\n\n\n\n<p>When the ImmutableID is cleared, you can create an on-prem user. 
This user must have the same UPN as the cloud user.<\/p>\n\n\n\n<p>When the new user is created and you have the Active Directory synchronization tool, you can now use the command.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><code>Start-ADSyncSyncCycle<\/code><\/p>\n<\/blockquote>\n<\/details>\n\n\n\n<h3 class=\"wp-block-heading\">Example Scenario<\/h3>\n\n\n\n<p><strong>Before<\/strong>: Cloud user has a stale ImmutableID referencing a deleted AD account \u2192 sync fails.<\/p>\n\n\n\n<p><strong>Action<\/strong>: Clear ImmutableID, create new on-prem user with same UPN, run sync.<\/p>\n\n\n\n<p><strong>After<\/strong>: Cloud user links successfully to new AD object and hybrid sign-in works again.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Best Practices<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Always <strong>back up ImmutableID values<\/strong> before clearing them (audit log).<\/li>\n\n\n\n<li>Use <strong>empty string <code>\"\"<\/code><\/strong> with <code>Set-AzureADUser<\/code> (never <code>$null<\/code>).<\/li>\n\n\n\n<li>Test changes on a single account before bulk operations.<\/li>\n\n\n\n<li>Document each change for compliance purposes.<\/li>\n\n\n\n<li>Run an <strong>Initial sync<\/strong> after major user cleanups to avoid conflicts.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>The <strong>ImmutableID<\/strong> is critical for hybrid identity management in Azure AD. When accounts are recreated on-prem, clearing the ImmutableID ensures proper re-linking during synchronization. By following this guide with the <strong>AzureAD PowerShell module<\/strong>, you can safely remove ImmutableID values, reconnect users, and maintain seamless hybrid identity.<\/p>\n\n\n\n<p>Script Outdated. 
Still using MSOL<\/p>\n\n\n<a  data-e-Disable-Page-Transition=\"true\" class=\"download-link\" title=\"Version 1.0.0\" href=\"http:\/\/kb.luxenburger.nl?download=68&amp;tmstv=1776953218\" rel=\"nofollow\" id=\"download-link-68\" data-redirect=\"false\" >\n\tScript &#8211; Remove ImutableID and connect to a new onprem account\t(3665 downloads\t)\n<\/a>\n\n\n\n<p class=\"has-text-color has-background has-link-color wp-elements-068223c1e8aa76700b7e5e47ec13dba0\" id=\"script\" style=\"color:#ffffff00;background-color:#ffffff00\">Script<\/p>\n\n\n\n<p>Source: <a href=\"https:\/\/learn.microsoft.com\/en-us\/answers\/questions\/5095180\/remove-immutableid-from-deleted-user-in-office-365\">Microsoft Learn<\/a><\/p>\n\n\n\n<p>Downloads? <a href=\"https:\/\/kb.luxenburger.nl\/?p=56\">Click here!<\/a><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Skip to Step by step guide: Click here! Introduction In hybrid Azure AD\/Active Directory environments, cloud user accounts are linked [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,10],"tags":[12,13],"class_list":["post-15","post","type-post","status-publish","format-standard","hentry","category-entra-id","category-user","tag-ad-user","tag-entra-id"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Remove ImmutableID and Reconnect to a New On-Prem Account - Knowledge-base Luxenburger<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kb.luxenburger.nl\/?p=15\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Remove ImmutableID and Reconnect to a New 
On-Prem Account - Knowledge-base Luxenburger\" \/>\n<meta property=\"og:description\" content=\"Skip to Step by step guide: Click here! Introduction In hybrid Azure AD\/Active Directory environments, cloud user accounts are linked [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kb.luxenburger.nl\/?p=15\" \/>\n<meta property=\"og:site_name\" content=\"Knowledge-base Luxenburger\" \/>\n<meta property=\"article:published_time\" content=\"2025-01-02T15:41:32+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-08-27T14:40:14+00:00\" \/>\n<meta name=\"author\" content=\"Dani Luxenburger\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dani Luxenburger\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/kb.luxenburger.nl\\\/?p=15#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/kb.luxenburger.nl\\\/?p=15\"},\"author\":{\"name\":\"Dani Luxenburger\",\"@id\":\"https:\\\/\\\/kb.luxenburger.nl\\\/#\\\/schema\\\/person\\\/33ab66ea0a96d7e89c073d49ea1e8498\"},\"headline\":\"Remove ImmutableID and Reconnect to a New On-Prem Account\",\"datePublished\":\"2025-01-02T15:41:32+00:00\",\"dateModified\":\"2025-08-27T14:40:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/kb.luxenburger.nl\\\/?p=15\"},\"wordCount\":648,\"keywords\":[\"AD-User\",\"Entra ID\"],\"articleSection\":[\"Entra ID\",\"User\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/kb.luxenburger.nl\\\/?p=15\",\"url\":\"https:\\\/\\\/kb.luxenburger.nl\\\/?p=15\",\"name\":\"Remove ImmutableID and Reconnect to a New On-Prem Account - Knowledge-base 
Luxenburger\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/kb.luxenburger.nl\\\/#website\"},\"datePublished\":\"2025-01-02T15:41:32+00:00\",\"dateModified\":\"2025-08-27T14:40:14+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/kb.luxenburger.nl\\\/#\\\/schema\\\/person\\\/33ab66ea0a96d7e89c073d49ea1e8498\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/kb.luxenburger.nl\\\/?p=15#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/kb.luxenburger.nl\\\/?p=15\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/kb.luxenburger.nl\\\/?p=15#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/kb.luxenburger.nl\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Remove ImmutableID and Reconnect to a New On-Prem Account\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/kb.luxenburger.nl\\\/#website\",\"url\":\"https:\\\/\\\/kb.luxenburger.nl\\\/\",\"name\":\"Knowledgebase Luxenburger\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/kb.luxenburger.nl\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/kb.luxenburger.nl\\\/#\\\/schema\\\/person\\\/33ab66ea0a96d7e89c073d49ea1e8498\",\"name\":\"Dani 
Luxenburger\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/571d359fdc33b6d44e49c186495356a4654601b96039be81a92bb8401f9588cc?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/571d359fdc33b6d44e49c186495356a4654601b96039be81a92bb8401f9588cc?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/571d359fdc33b6d44e49c186495356a4654601b96039be81a92bb8401f9588cc?s=96&d=mm&r=g\",\"caption\":\"Dani Luxenburger\"},\"sameAs\":[\"https:\\\/\\\/kb.luxenburger.nl\"],\"url\":\"https:\\\/\\\/kb.luxenburger.nl\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Remove ImmutableID and Reconnect to a New On-Prem Account - Knowledge-base Luxenburger","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kb.luxenburger.nl\/?p=15","og_locale":"en_US","og_type":"article","og_title":"Remove ImmutableID and Reconnect to a New On-Prem Account - Knowledge-base Luxenburger","og_description":"Skip to Step by step guide: Click here! Introduction In hybrid Azure AD\/Active Directory environments, cloud user accounts are linked [&hellip;]","og_url":"https:\/\/kb.luxenburger.nl\/?p=15","og_site_name":"Knowledge-base Luxenburger","article_published_time":"2025-01-02T15:41:32+00:00","article_modified_time":"2025-08-27T14:40:14+00:00","author":"Dani Luxenburger","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Dani Luxenburger","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kb.luxenburger.nl\/?p=15#article","isPartOf":{"@id":"https:\/\/kb.luxenburger.nl\/?p=15"},"author":{"name":"Dani Luxenburger","@id":"https:\/\/kb.luxenburger.nl\/#\/schema\/person\/33ab66ea0a96d7e89c073d49ea1e8498"},"headline":"Remove ImmutableID and Reconnect to a New On-Prem Account","datePublished":"2025-01-02T15:41:32+00:00","dateModified":"2025-08-27T14:40:14+00:00","mainEntityOfPage":{"@id":"https:\/\/kb.luxenburger.nl\/?p=15"},"wordCount":648,"keywords":["AD-User","Entra ID"],"articleSection":["Entra ID","User"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/kb.luxenburger.nl\/?p=15","url":"https:\/\/kb.luxenburger.nl\/?p=15","name":"Remove ImmutableID and Reconnect to a New On-Prem Account - Knowledge-base Luxenburger","isPartOf":{"@id":"https:\/\/kb.luxenburger.nl\/#website"},"datePublished":"2025-01-02T15:41:32+00:00","dateModified":"2025-08-27T14:40:14+00:00","author":{"@id":"https:\/\/kb.luxenburger.nl\/#\/schema\/person\/33ab66ea0a96d7e89c073d49ea1e8498"},"breadcrumb":{"@id":"https:\/\/kb.luxenburger.nl\/?p=15#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kb.luxenburger.nl\/?p=15"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/kb.luxenburger.nl\/?p=15#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/kb.luxenburger.nl\/"},{"@type":"ListItem","position":2,"name":"Remove ImmutableID and Reconnect to a New On-Prem Account"}]},{"@type":"WebSite","@id":"https:\/\/kb.luxenburger.nl\/#website","url":"https:\/\/kb.luxenburger.nl\/","name":"Knowledgebase 
Luxenburger","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kb.luxenburger.nl\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/kb.luxenburger.nl\/#\/schema\/person\/33ab66ea0a96d7e89c073d49ea1e8498","name":"Dani Luxenburger","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/571d359fdc33b6d44e49c186495356a4654601b96039be81a92bb8401f9588cc?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/571d359fdc33b6d44e49c186495356a4654601b96039be81a92bb8401f9588cc?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/571d359fdc33b6d44e49c186495356a4654601b96039be81a92bb8401f9588cc?s=96&d=mm&r=g","caption":"Dani Luxenburger"},"sameAs":["https:\/\/kb.luxenburger.nl"],"url":"https:\/\/kb.luxenburger.nl\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/kb.luxenburger.nl\/index.php?rest_route=\/wp\/v2\/posts\/15","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kb.luxenburger.nl\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kb.luxenburger.nl\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kb.luxenburger.nl\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kb.luxenburger.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15"}],"version-history":[{"count":12,"href":"https:\/\/kb.luxenburger.nl\/index.php?rest_route=\/wp\/v2\/posts\/15\/revisions"}],"predecessor-version":[{"id":180,"href":"https:\/\/kb.luxenburger.nl\/index.php?rest_route=\/wp\/v2\/posts\/15\/revisions\/180"}],"wp:attachment":[{"href":"https:\/\/kb.luxenburger.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kb.luxenburger.nl\/index.
php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kb.luxenburger.nl\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}