前提条件Active Directory ObjectId与Azure Active Directory ObjectId不同
我们有一个内部活动目录,该目录与我们的Azure活动目录同步。在本地AD中进行分组,当我在属性编辑器选项卡中查看objectGUID时,我看到一个值,但是当我尝试在 Azure Graph API来获取组(在发生同步之后),我得到了
We have an on premise active directory that syncs with our azure active directory. Groups are made in the on premise AD and when I look at the objectGUID in the Attribute Editor tab I see one value but when I try to use that value in the Azure Graph API to get a group (after the sync has occurred) I get this
{
"odata.error": {
"code": "Request_ResourceNotFound",
"message": {
"lang": "en",
"value": "Resource '26b4c97f-68ad-4f8e-95d8-58ab4b8377e2' does not exist or one of its queried reference-property objects are not present."
}
}
}
是否有同步期间使本地guid与azure objectId相同的方法?还是这两个字段不相关?
这两个字段不相关,并且Azure AD ObjectId是不可变的。
The two are unrelated, and the Azure AD ObjectId is immutable.
如果要查找将本地AD用户对象链接到Azure AD用户对象的标识符,则应查看Azure AD的ImmutableID。默认情况下,它是本地对象的objectGUID的Base64编码。
If you're looking for an identifier to link your on-premises AD user object to the Azure AD user object, you should take a look at the Azure AD's ImmutableID. By default, it is the Base64-encoding of the on-prem object's objectGUID.
更多详细信息: http://blogs.perficient.com/microsoft/2015/04/office-365-why -您需要了解immutableid /