bkinsman1.517605883842156E12 (Customer) asked a question.
Office 365: Remove Immutable ID from Office 365 user so alias can be removed
We have bunch of users we need to move to new Office 365 accounts (they have archive GUID issues we cannot fix, it's a long story) but are unable to remove the alias' after changing their UPN/Primary email (which makes the old email an alias) as the user is still seen as directory mastered (due to the presence of an Immutable ID)...
Apart from disabling DirSync whilst these users no longer have Office 365 assignments is anything possible?
In a bit of tough spot here this issue sits right between 2 vendors, so support is limited but the issue is caused by both products interacting with each other...
Hi, @bkinsman1.517605883842156E12 (Customer)
Thank you for posting on our Community page!
For this issue, I suggest you contact Microsoft support as it falls under their care.
Thank you for reaching out to our Community and have a great day!
_____________________________________________________________________________
What you missed: new product releases and other announcements
_____________________________________________________________________________
Community members help others by clicking Like or Select as Best on responses. Try it today.
_____________________________________________________________________________
whist this issue is in the MS realm it only arises due to your products interacting, it would be advisable to have some support materials on hand instead of just palming it off
Hi, @bkinsman1.517605883842156E12 (Customer)
Thank you for posting on our Community page!
We appreciate your feedback and we will look into it. You can also raise it as a feature request on our ideas.okta.com page.
Thank you for reaching out to our Community and have a great day!
____________________________________________________________________
What you missed: new product releases and other announcements
____________________________________________________________________
Community members help others by clicking Like or Select as Best on responses. Try it today.
____________________________________________________________________
Is there any solution to this?
I need to move a specific domain off okta sync and federation.
I have done the following:
Removed Federation and M365 is Cloud managed.
Switched from Universal -> Profile -> License/Role Management
Disabled DirSync tenant settings in M365.
I can modify Entra user attributes but the moment I re-enable DirSync in M365 tenant ( which is required for other domains to continue being sync'd through Okta or ADConnect) , users with immutableIDs will not be editable.
This would be a common issue for Okta customers. Any solutions yet?