Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarification - Synced user conversion #795

Open
J-a-k-o-b opened this issue May 10, 2024 · 8 comments
Open

Clarification - Synced user conversion #795

J-a-k-o-b opened this issue May 10, 2024 · 8 comments
Assignees
@barclayn
Labels
assigned-to-author Issue assigned to author entra-id/svc Pri3 product-question triaged users/subsvc

Comments

@J-a-k-o-b
Copy link

J-a-k-o-b commented May 10, 2024
edited by TPavanBalaji

I don't get it why/how the conversation of synced users should be possible and what the usecases are... Is this a feature to make a hybrid identity to a cloud only user?
If so, is this only usable using Entra Cloud Sync to sync users? I can't imagine a way how to "unsync" a user using entra connect.

Document Details

Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
@TPavanBalaji TPavanBalaji self-assigned this May 10, 2024
@TPavanBalaji
Copy link

@J-a-k-o-b
It would be great if you could add a link to the documentation you are following for these steps? This would help us redirect the issue to the appropriate team. Thanks!

@J-a-k-o-b
Copy link
Author

Sorry, didn't recognized that this issue seems not to be linked to the article from where I've opened it. The docs site I'm talking about is this one: https://learn.microsoft.com/en-us/entra/identity/users/convert-external-users-internal#synced-user-conversion

@TPavanBalaji
Copy link

@J-a-k-o-b
Thanks for your feedback! We will investigate and update as appropriate.

@SaibabaBalapur-MSFT
Copy link
Contributor

Hi @J-a-k-o-b I'd recommend working closer with our support team via an Azure support request. Or you can leverage our Q&A forum by posting your issue there so our community, and MVPs can further assist you in troubleshooting this issue or finding potential workarounds.Teams Q&A forum for technical questions about the configuration and administration of Microsoft Teams on Windows.Microsoft Teams Community forum

@J-a-k-o-b
Copy link
Author

This is a general question which should be answered in general to avoid unnecessary support calls. Maybe you can answer it in a kind of requirements section.

@SaibabaBalapur-MSFT
Copy link
Contributor

SaibabaBalapur-MSFT commented May 14, 2024
edited

@J-a-k-o-b
Synced user conversion is a feature that allows you to convert a user from an external user to an internal user in Entra AD. This feature is useful when you want to move a user from a federated identity provider to Entra AD, or when you want to convert a user from a cloud-only identity to a synced identity.

You can use Entra AD Connect to synchronize your on-premises identities to Azure AD. When you convert a user from an external user to an internal user, Entra AD Connect will synchronize the user's attributes to Entra AD, and the user will be managed in Entra AD going forward.

Regarding your question about "unsyncing" a user, you can achieve this by disabling directory synchronization for the user in Entra AD Connect. Once directory synchronization is disabled for the user, any changes made to the user's attributes in Entra AD will no longer be synchronized to your on-premises directory.

I hope this helps clarify your questions.

Please Note, GitHub forum is dedicated for Microsoft documentation related issues.

@J-a-k-o-b
Copy link
Author

Sorry, i don't get it. The article mentions that you can use this feature for synced users, which are hybrid identities. I don't get it what conversation could be done with that type of accounts?

In this document, when we say 'Synced user', we mean users synced from on-premises. As these accounts are managed at the source, administrators are unable to specify the UPN for these users.

Synced users where the tenant uses federated authentication
If Password Hash Sync (PHS) is enabled, administrators are blocked from setting a new password during conversion.
if the federated tenant doesn't have PHS enabled, administrators have the option to set a password.
In cases where the tenant is managed, meaning it uses cloud authentication, administrators are required to specify a password during conversion.

@SaibabaBalapur-MSFT SaibabaBalapur-MSFT added assigned-to-author Issue assigned to author and removed cxp labels May 14, 2024
@SaibabaBalapur-MSFT
Copy link
Contributor

@J-a-k-o-b I apologize for any confusion. The article you mentioned is about converting external users to internal users in Entra AD, and it mentions that this feature can be used for synced users, which are hybrid identities. However, it does not mention anything about conversations with these types of accounts. Further I'm going to assign @barclayn this to the document author so they can take a look at it accordingly.

@barclayn
please review it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@barclayn barclayn

Labels
assigned-to-author Issue assigned to author entra-id/svc Pri3 product-question triaged users/subsvc
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@barclayn @J-a-k-o-b @SaibabaBalapur-MSFT @TPavanBalaji