If you use the default synchronization between your on-premises Active Directory and your Azure AD, Azure AD Connect links your user objects with the following attributes:
- On-premises AD user: ObjectGuid
- Azure AD user: ImmutableId
However, if you compare these two attributes, something looks a bit strange!
This is the output for the user object in on-premises AD:
This is the output for the user object in Azure AD:
What happened here?
The thing is that the same value is represented in on-premises AD as a GUID and in Azure AD as a base64-encoded text string (the base64 encoding of the GUID's 16 raw bytes).
So, in order to verify that two objects are properly linked, you must convert the GUID to base64 or the other way around.
To convert a GUID string to a base64 string in PowerShell, use the following command:
To convert a base64 string to a GUID in PowerShell, use this simple command:
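The two conversions above, plus a small check that a given ObjectGuid/ImmutableId pair actually belongs together, as an added example (not code from the original post). The function names and the GUID value are my own; the GUID is a constructed sample, not a real object.

```powershell
# Added example: convert between an on-premises ObjectGuid and the Azure AD
# ImmutableId representation, and verify that a pair matches.
# The GUID below is a constructed sample, not a real directory object.

function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][string]$ObjectGuid)
    # ImmutableId is the base64 encoding of the GUID's 16 raw bytes,
    # so encode the byte array, not the textual GUID string.
    [System.Convert]::ToBase64String(([guid]$ObjectGuid).ToByteArray())
}

function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    $bytes = [System.Convert]::FromBase64String($ImmutableId)
    # A GUID-based anchor always decodes to exactly 16 bytes; anything else
    # means the ImmutableId was set to some other source anchor.
    if ($bytes.Length -ne 16) {
        throw "ImmutableId does not decode to 16 bytes; it is not a GUID-based anchor."
    }
    [guid]::new([byte[]]$bytes)
}

function Test-ImmutableIdMatch {
    param(
        [Parameter(Mandatory)][string]$ObjectGuid,
        [Parameter(Mandatory)][string]$ImmutableId
    )
    # Base64 is case-sensitive, so use -ceq rather than the default
    # case-insensitive -eq, which could report a false match.
    (ConvertTo-ImmutableId -ObjectGuid $ObjectGuid) -ceq $ImmutableId
}

# Usage with the constructed sample value:
$sampleGuid  = '12345678-9abc-def0-1234-56789abcdef0'
$immutableId = ConvertTo-ImmutableId -ObjectGuid $sampleGuid
"ImmutableId : $immutableId"
"ObjectGuid  : $(ConvertFrom-ImmutableId -ImmutableId $immutableId)"
"Linked      : $(Test-ImmutableIdMatch -ObjectGuid $sampleGuid -ImmutableId $immutableId)"
```

Running the round trip on a real pair is a quick way to confirm that an on-premises user is linked to the Azure AD user you expect before touching either object; a mismatch (or an ImmutableId that does not decode to 16 bytes) tells you the link was established on something other than the ObjectGuid.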
Perhaps Microsoft was inspired by the Enigma coding machine of World War II when they designed this? At least now you know how to break the code… 😉