前提条件Active Directory ObjectId与Azure Active Directory ObjectId不同 [英] On premise Active Directory ObjectId is different than Azure Active Directory ObjectId

问题描述

我们有一个内部活动目录，该目录与我们的Azure活动目录同步。在本地AD中进行分组，当我在属性编辑器选项卡中查看objectGUID时，我看到一个值，但是当我尝试在 Azure Graph API来获取组（在发生同步之后），我得到了

We have an on premise active directory that syncs with our azure active directory. Groups are made in the on premise AD and when I look at the objectGUID in the Attribute Editor tab I see one value but when I try to use that value in the Azure Graph API to get a group (after the sync has occurred) I get this

{
"odata.error": {
    "code": "Request_ResourceNotFound",
    "message": {
        "lang": "en",
        "value": "Resource '26b4c97f-68ad-4f8e-95d8-58ab4b8377e2' does not exist or one of its queried reference-property objects are not present."
    }
  }
}

是否有同步期间使本地guid与azure objectId相同的方法？还是这两个字段不相关？

推荐答案

这两个字段不相关，并且Azure AD ObjectId是不可变的。

The two are unrelated, and the Azure AD ObjectId is immutable.

如果要查找将本地AD用户对象链接到Azure AD用户对象的标识符，则应查看Azure AD的ImmutableID。默认情况下，它是本地对象的objectGUID的Base64编码。

If you're looking for an identifier to link your on-premises AD user object to the Azure AD user object, you should take a look at the Azure AD's ImmutableID. By default, it is the Base64-encoding of the on-prem object's objectGUID.

更多详细信息： http://blogs.perficient.com/microsoft/2015/04/office-365-why -您需要了解immutableid /

这篇关于前提条件Active Directory ObjectId与Azure Active Directory ObjectId不同的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！