AAD Connect软匹配 [英] AAD Connect Soft-match

问题描述

我想知道软匹配是否已经改变？
b $ b案例：客户有AAD Connect。他在AzureAD中只有一个云端管理员帐户（用户名如admin-user@domain.com）。该帐户有一个空白的immutableID-field。我们使用相同的UPN在内部AD中创建了一个用户并运行同步。现在，我期望的是
AAD Connect以匹配这两个用户。这不会发生。而是在Office365中创建一个新用户，其用户名为admin-user1442@domain.onmcrosoft.com。

I was wondering if soft-matching has changed?
Case: A customer has AAD Connect. He has a cloud only admin-account in AzureAD (Username like admin-user@domain.com). The account has a blank immutableID-field. We created a user in on premises AD with the same UPN and run a sync. Now, what I expect is for AAD Connect to match the two users. This does not happen. Instead a new user is created in Office365 with username like admin-user1442@domain.onmcrosoft.com.

要解决此问题，我从新创建的用户复制了immutableID，删除了它，并且在cloud上只设置admin-account的immutableid。新的同步与用户匹配。

To work around this I copied the immutableID from the newly created user, deleted it, and set the immutableid on the cloud only admin-account. A new sync matched the users.

我知道我过去做过像这样的软匹配。我甚至通过清除AzureAD中的immutableid字段并使用匹配的UPN从新AD运行新的同步来进行AD迁移，其中我有软匹配的用户数量。

I know that I, in the past, have done soft-matching like this. I have even made AD-migrations where I have soft-matched hundereds of users just by clearing the immutableid field in AzureAD and ran a new sync from the new AD with matching UPNs.

有没有人知道为什么软匹配不像我期望的那样工作？

Does anyone know why soft-matching does not work like I expect it?

推荐答案

Hello jensrottereng， 

Hello jensrottereng, 

可以运行以下命令" Get-MsolDirSyncFeatures "
，用于检查客户是否启用了功能"EnableSoftMatchonUpn "  租户？

Can you run the following command "Get-MsolDirSyncFeatures" to check if the feature "EnableSoftMatchonUpn" is enabled or not in your customer's tenant ?

所有新租户都启用了此功能。如果您的客户的租户刚刚创建，则可能无法启用此功能。 

All the new tenants have this feature enabled. If your customer's tenant has been created a while ago, they might not have this enabled. 

这篇关于AAD Connect软匹配的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！