Problem: Get a restored user back into Office 365 sync

Problem:

A user was deleted in UCS. In Office 365 the user is locked, loses their groups and is renamed to ZZZ_Deleted.

The restored user is created as a new account in Office 365 and is not reconnected to the original one.

Solution:

First, you can try to reconnect the user with the script attached to Bug 48641.
Direct link to the attachment:
http://forge.univention.org/bugzilla/attachment.cgi?id=10628

You may get an API error when using the "-m" option:
"ApiError: Property immutableId is invalid"
-> It is not possible to change the ImmutableId via the API,
so you have to change it manually:

-> Use Windows PowerShell
## Caution! The ImmutableId cannot be set via script while the domain is federated, so we have to switch it briefly to a managed domain.
## It is not tested what this will cause. Users will not be able to log in until federation is set up again, but it is unclear whether current sessions are ended or whether connected devices will have to reconnect.
#powershell:
Connect-MsolService
Set-MsolDomainAuthentication -DomainName "office365.dev-univention.de" -Authentication Managed
# maybe wait a minute, otherwise a PowerShell error may occur
# the quote marks around "$null" are essential!
Set-MsolUser -UserPrincipalName <azureuser-UPN> -ImmutableId "$null"
# re-activate federation with the .bat script provided for the initial setup by the o365 wizard
#end powershell
# connect the users with the script
./o365_connect_azure_to_ucs_user -c o365domain -p <azureuser-UPN> -u <useruser-uid> -a -m
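
Because the procedure above temporarily removes federation from the whole domain, it helps to record the state before and after and to refuse the change when the domain is in the wrong mode. The following wrapper is an added example, not part of the original article or of the Univention script; the function names and the log path are assumptions, and it only uses the MSOnline cmdlets already shown above plus `Get-MsolDomain` and `Get-MsolUser`.

```powershell
# Added example: guards and an audit record around the manual ImmutableId reset.
# Assumptions: MSOnline module installed; function names and log path are hypothetical.
$LogPath = Join-Path $PWD 'immutableid-reset.log'

function Get-SyncState {
    param([Parameter(Mandatory)][string]$Domain,
          [Parameter(Mandatory)][string]$Upn)
    $user = Get-MsolUser -UserPrincipalName $Upn -ErrorAction Stop
    [pscustomobject]@{
        Time        = Get-Date -Format o
        Domain      = $Domain
        DomainAuth  = [string](Get-MsolDomain -DomainName $Domain -ErrorAction Stop).Authentication
        Upn         = $user.UserPrincipalName
        ImmutableId = $user.ImmutableId
    }
}

function Clear-ImmutableIdChecked {
    param([Parameter(Mandatory)][string]$Domain,
          [Parameter(Mandatory)][string]$Upn)
    $before = Get-SyncState -Domain $Domain -Upn $Upn
    # Log the old ImmutableId first so the previous value is on record.
    $before | ConvertTo-Json -Compress | Add-Content -Path $LogPath
    if ($before.DomainAuth -ne 'Managed') {
        throw "Domain $Domain is '$($before.DomainAuth)'; switch it to Managed first."
    }
    Set-MsolUser -UserPrincipalName $Upn -ImmutableId "$null"
    $after = Get-SyncState -Domain $Domain -Upn $Upn
    $after | ConvertTo-Json -Compress | Add-Content -Path $LogPath
    if ($after.ImmutableId) { throw "ImmutableId of $Upn is still set." }
    $after
}

function Assert-FederationRestored {
    param([Parameter(Mandatory)][string]$Domain)
    $auth = [string](Get-MsolDomain -DomainName $Domain -ErrorAction Stop).Authentication
    if ($auth -ne 'Federated') {
        throw "Domain $Domain is still '$auth'; re-run the federation setup script."
    }
    "Domain $Domain is Federated again."
}

# Usage, in the order of the procedure above:
#   Connect-MsolService
#   Set-MsolDomainAuthentication -DomainName <domain> -Authentication Managed
#   Clear-ImmutableIdChecked -Domain <domain> -Upn <azureuser-UPN>
#   (run the wizard's .bat script to re-enable federation)
#   Assert-FederationRestored -Domain <domain>
```

Run `Assert-FederationRestored` before the `o365_connect_azure_to_ucs_user` step so the domain is not left in managed mode unnoticed.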