If you already have accounts set up in Microsoft 365 tenant before you synchronized between on-premises Active Directory and Microsoft 365’s Azure AD, you may want to convert these accounts to the synced ones, rather than leaving them as the cloud users.
Assume you already have your on-premises Active Directory cleaned up and prepared for Azure AD Connect, here are the steps that would make it happen.
First off, keep the accounts that you want to convert off the OU that will be synced up with Azure AD Connect. If you already have accounts duplicated in Microsoft 365, permanently delete these accounts first before moving forward.
Then, update the Cloud account’s UPN to match the one on on-premises AD.
Once done, run the following PowerShell cmdlets to match on-premises AD’s GUID with Cloud account’s Immutable ID. Making both IDs match tells Azure AD that the account is linked with on-premises Active Directory.
Connect-MsolService
$upn = "[email protected]"
$id = [system.convert]::ToBase64String((Get-ADUser -filter {userprincipalname -eq $UPN}).objectGUid.ToByteArray())
Set-MsolUser -UserPrincipalName $upn -ImmutableId $id
Thanks to here for the ImuutableID trick.
If you encounter any cmdlet not found error, install and import the MSOnline module first from an elevated PowerShell window.
Install-Module MsOnline
Finally, move these accounts back to the syncing OU and sync them all to Microsoft 365.