AAD Connect and the ImmutableId

When AAD Connect provisions an on-premises object to Azure AD, it populates a cloud attribute that links it to the on-premises object.

This attribute, known as the ImmutableId, derives from an encoded representation of the sourceAnchor attribute. This sourceAnchor is typically the ms-DS-ConsistencyGuid attribute and based upon the underlying objectGuid of the AD object.

Converting the ImmutableId

The following functions provide the conversions; to and from the encoded ImmutableId value as well as a means to construct the DN for an object as shown in AAD Connect.

Conversion from ImmutableId to GUID

Conversion from GUID to ImmutableId

Conversion from ImmutableId to DN

Conversion from ImmutableId to DN as shown in AAD Connect.

Twitter Facebook LinkedIn

AAD Connect and the ImmutableId

Chris Dymond

Converting the ImmutableId

Conversion from ImmutableId to GUID

Conversion from GUID to ImmutableId

Conversion from ImmutableId to DN

You May Also Enjoy

Scoping Azure AD Roles with Administrative Units

Granting Background App Services, Daemons and Scripts Delegated Permissions for Microsoft Graph

B2C Federating to a Single Azure AD Tenant

Azure AD Group Writeback to On-Premises AD