Question
We have an on-premises Active Directory that syncs with our Azure Active Directory. Groups are made in the on-premises AD, and when I look at the objectGUID in the Attribute Editor tab I see one value, but when I try to use that value in the Azure Graph API to get a group (after the sync has occurred) I get this:
{
  "odata.error": {
    "code": "Request_ResourceNotFound",
    "message": {
      "lang": "en",
      "value": "Resource '26b4c97f-68ad-4f8e-95d8-58ab4b8377e2' does not exist or one of its queried reference-property objects are not present."
    }
  }
}
Is there a way to make the on-premises GUID the same as the Azure objectId during sync? Or are these two fields not related?
Answer 1:
The two are unrelated, and the Azure AD ObjectId is immutable.
If you're looking for an identifier to link your on-premises AD user object to the Azure AD user object, you should take a look at the Azure AD's ImmutableID. By default, it is the Base64-encoding of the on-prem object's objectGUID.
More details: http://blogs.perficient.com/microsoft/2015/04/office-365-why-you-need-to-understand-immutableid/
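
The default mapping described in the answer above, as an added example that is not part of the original answer: it converts an on-premises objectGUID to its ImmutableID and back, then uses that value to link on-premises objects to Azure AD objectIds. It assumes the default source anchor (objectGUID) and Azure AD Graph user records carrying `objectId` and `immutableId`; the function names and the sample records are constructed for illustration.

```python
import base64
import binascii
import uuid


def guid_to_immutable_id(object_guid: str) -> str:
    """Base64 of the GUID in the byte order AD stores it in.

    AD (and .NET Guid.ToByteArray()) keep the first three GUID fields
    little-endian, which is uuid.UUID.bytes_le, not .bytes.
    """
    return base64.b64encode(uuid.UUID(object_guid).bytes_le).decode("ascii")


def immutable_id_to_guid(immutable_id: str) -> str:
    """Reverse mapping; rejects anchors that are not a 16-byte GUID."""
    try:
        raw = base64.b64decode(immutable_id, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid Base64: {immutable_id!r}") from exc
    if len(raw) != 16:
        raise ValueError("ImmutableID is not derived from an objectGUID")
    return str(uuid.UUID(bytes_le=raw))


def link_objects(onprem, cloud):
    """Map on-prem objectGUID -> Azure AD objectId via the ImmutableID."""
    by_anchor = {c["immutableId"]: c["objectId"]
                 for c in cloud if c.get("immutableId")}
    return {o["objectGUID"]: by_anchor.get(guid_to_immutable_id(o["objectGUID"]))
            for o in onprem}


# Constructed sample data: the first GUID is the one from the question; the
# objectId values and the other records are made up for illustration.
ONPREM = [
    {"sAMAccountName": "alice", "objectGUID": "26b4c97f-68ad-4f8e-95d8-58ab4b8377e2"},
    {"sAMAccountName": "bob", "objectGUID": "11111111-2222-3333-4444-555555555555"},
]
CLOUD = [
    {"objectId": "00000000-0000-0000-0000-0000000000a1",
     "immutableId": "f8m0Jq1ojk+V2FirS4N34g=="},
    {"objectId": "00000000-0000-0000-0000-0000000000c3", "immutableId": None},  # cloud-only
]

if __name__ == "__main__":
    for guid, object_id in link_objects(ONPREM, CLOUD).items():
        print(guid, "->", object_id or "no synced cloud object")
```

An on-premises object with no match in the result is either not yet synced or was synced with a different source anchor.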
Source: https://stackoverflow.com/questions/32383077/on-premise-active-directory-objectid-is-different-than-azure-active-directory-ob