Support-Info: (AADCONNECT): How to merge a group object with a contact object

FOCUSED PRODUCT

  • Azure AD Connect (should be possible with all builds of AADConnect - if you run into an issue, comment or email me)

PROBLEM SCENARIO DESCRIPTION

The problem we are attempting to resolve here is how to take a Group Object from Forest A and merge it with a Contact Object from Forest B using Azure AD Connect. The goal is to have a Group Object with information provided from both objects in Office 365.

KEY POINTS TO BE AWARE OF

  1. In Azure AD Connect, you can only join on the same object type in the Azure AD Connect Metaverse
  2. You will need to utilize inbound synchronization rules

BUSINESS RULES

Understand the business need/rule(s) that you are attempting to achieve here. This will help in the development of this solution. It will help:

  1. Determine if you need a Provisioning Synchronization Rule and/or a Join Synchronization Rule.
  2. Determine if you need a Scoping Filter to have the Inbound Synchronization Rule execute for a certain set of objects.

RESOLUTION STEPS

*NOTE: If you modify a default synchronization rule, you run the risk of the rule being overwritten during an upgrade. Making a copy of the rule gives you an already configured rule that you can adjust to fit your internal business rules.

  1. We recommend making copies of the following default Inbound Synchronization Rules for Contact objects and then disabling the default Synchronization Rules
    1. In from AD - Contact Join (Provisioning Inbound Synchronization Rule)
    2. In from AD - Contact Common (Join Inbound Synchronization Rule)
  2. The Description Page of your new Inbound Synchronization Rule is the most important piece. You need to ensure that the Connected System Object Type is contact and the Metaverse Object type is Group.
    1. Connected System Object Type = Contact
    2. Metaverse Object Type = Group
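
To confirm the result of the steps above, the following read-only check lists the relevant inbound rules. It is an added example, not part of the original article, and assumes it runs on the Azure AD Connect server with the ADSync module that ships with the product; the rule names are the two defaults named in step 1.

```powershell
# Added example: read-only audit of the rule layout described in the steps above.
# Nothing is modified; only Get-ADSyncRule is called.
Import-Module ADSync

# Default rule names as given in step 1 of this article.
$defaultNames = 'In from AD - Contact Join', 'In from AD - Contact Common'

$inbound = Get-ADSyncRule | Where-Object { $_.Direction -eq 'Inbound' }

# 1. Report whether the default contact rules are still enabled.
#    (Leaving them enabled is only safe if scoping filters separate the objects.)
foreach ($rule in ($inbound | Where-Object { $defaultNames -contains $_.Name })) {
    $state = if ($rule.Disabled) { 'disabled' } else { 'CHECK: still enabled' }
    '{0,-32} {1}' -f $rule.Name, $state
}

# 2. Custom inbound rules that map contact (connector space) to group (metaverse).
$merge = @($inbound | Where-Object {
    -not $_.IsStandardRule -and
    $_.SourceObjectType -eq 'contact' -and
    $_.TargetObjectType -eq 'group'
})
if ($merge.Count -eq 0) {
    Write-Warning 'No custom contact -> group inbound rule found.'
}

# Precedence, link type and filter counts show which rule provisions,
# which one joins, and whether a scoping filter limits the rule.
$merge | Sort-Object Precedence |
    Select-Object Name, Precedence, LinkType, Disabled,
        @{ n = 'ScopeGroups'; e = { @($_.ScopeFilter).Count } },
        @{ n = 'JoinGroups';  e = { @($_.JoinFilter).Count } } |
    Format-Table -AutoSize

# 3. Summarize which link types the enabled copies cover (Provision and/or Join,
#    depending on the business rules identified earlier).
$linkTypes = $merge | Where-Object { -not $_.Disabled } |
    ForEach-Object { $_.LinkType.ToString() } | Sort-Object -Unique
'Enabled contact -> group link types: {0}' -f ($linkTypes -join ', ')
```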

RESOURCE LINKS

Comments

  • Anonymous
    March 16, 2017
    Can this goal be accomplished while also retaining the user/contact merge in a multi-forest GAL Sync scenario, User identities exist across multiple directories, match using mail attribute?
    • Anonymous
      March 16, 2017
      Hi Jim, I also sent you an email reply to your email. In thinking of this scenario, I do believe that you can get this to work. As you thought of, you will have to keep the default sync rule enabled and then utilize the scoping filter to determine which objects work with which synchronization rule. Hope that makes sense. - Tim