Update_Immutable_ID.ps1
# Input: a CSV lookup file with one row per account and the columns
# SamAccountName, UserPrincipalName and NewUserPrincipalName
# (the loop below reads all three from each row).
# Each row drives two UPN changes and an ImmutableId write on a directory account,
# so treat the file as privileged input: build it from a reviewed source and
# restrict who can edit it before the script is run.
# NOTE(review): "Creation of Userlookup File" looks like a placeholder for the
# CSV path - confirm and replace it with the real file location.
$users = Import-Csv -Path "Creation of Userlookup File"
foreach ($user in $users) {
# Get Azure AD user by UPN
$aadUser = Get-MgUser -UserId $user.UserPrincipalName
# Get ObjectGUID from on-prem AD (still requires AD module unless synced via Graph)
$adUser = Get-ADUser -Identity $user.SamAccountName -Properties ObjectGUID
$ImmID = [System.Convert]::ToBase64String(([GUID]($adUser.Object
# Update UPN to Managed Domain
Update-MgUser -UserId $user.UserPrincipalName -UserPrincipalName $user.NewUserPrincipalName
# Set ImmutableID (requires MSOnline or AzureAD module, not Graph directly)
Set-MsolUser -UserPrincipalName $user.NewUserPrincipalName -ImmutableId $ImmID
# Revert UPN back to Federated
Update-MgUser -UserId $user.NewUserPrincipalName -UserPrincipalName $user.UserPrincipalName