Note: This applies to Hybrid deployments only
Identifying the Source Anchor Attribute
While implementing Azure AD Connect it is essential to ensure you are correctly configuring the Source Anchor Attribute within your environment.
The Source Anchor Attribute is considered an Immutable ID, meaning, once set and the identifier has been synced, it cannot be modified. This attribute is utilized during the following scenarios:
- Introducing a new sync engine, or a rebuilt engine.
- If federation is in use, the Source Anchor will work in conjunction with the UPN to identify an individual.
- If moving from a cloud only environment to a synchronized hybrid environment.
By default, the Source Anchor Attribute uses the AD ObjectGUID attribute to align your Azure AD objects with your Active Directory objects.
If your company utilizes a single Active Directory instance or can confirm that your company will not be moving objects within your Active Directory instance in the future, then the AD ObjectGUID will work well.
However, if your company has multiple domains or plans to move user objects from one domain to another, then you may already be using a different attribute other than AD ObjectGUID as the Source Anchor.
For more information, please review the Microsoft document below.
Azure AD Connect: Design Concepts
Updating Source Anchor Attribute for Directory
If your environment is configured to use a custom source anchor other than the default AD ObjectGUID you’ll need to configure Hyperfish settings within your ADProvidersettings.json file to observe the custom source anchor before using Hyperfish.
1 Stopping the Directory Service
- Navigate to your server that is running the Hyperfish service.
- Expand the Windows icon on the bottom left of your screen and open Services.msc
- Find the Hyperfish Service and stop it.
2 Updating the JSON File
- Open File Explorer, navigate to C:\Users\SVC account\AppData\Local\Hyperfish\connectors
(SVC account will be the service account used to install Hyperfish)
- Open the jsonfile
- Update the SourceAnchorAttributeto reflect the attribute your company is using. (see image)
- Save file and exit
3 Restarting the Directory Service
- Navigate back to your Services.msc agent
- Restart the Directory Service from Services.msc
Comments
0 comments
Please sign in to leave a comment.