Using the latest Azure Active Directory Connect, we can use the Ms-Ds-ConsistencyGUID to migrate our AD Users!
Basically in AD, every user has an ObjectGUID, this is unique and the field is non-writable.
However, Ms-Ds-ConsistencyGUID field is writeable and in the latest version of AAD Connect this is now the norm that the sourceanchor can be the Ms-Ds-ConsistencyGUID!
More about SourceAnchor here:
So our new AD users can have the same GUID as there previous user AD Object.
Office 365 has long been using ObjectGUID for the SourceAnchor (to match user accounts), however once you make changes etc the account has gone! but where? sticky situation and glad these were just test accounts as I moved the user object out of scope! whoops – it deletes the object!
Research into the new AAD Connect version, I first found this blog post:
So yes I thought myself oh no, rebuild AAD Connect…….but this is an update! cool! so ran the update and changed the config, all good.
Can now create new AD User copy over the GUID into the correct field and run the sync, however I had to turn off automatic sync, for now until all accounts migrated.