# Azure Active Directory

# Sync with on-site Active Directory

## Azure AD Connect client service failing to start

The failure is accompanied by event ID 528 from SQLLocalDB 15.0 in the Application event log, with the description:

```
WaitForMultipleObjects
575
{Application Error}
The application was unable to start correctly (0x%lx). Click OK to close the application.
3714
```

Identify the account that the ADSync service runs as, then copy model.mdf and modellog.ldf from `C:\Program Files\Microsoft SQL Server\150\LocalDB\Binn\Templates` to `%ServiceProfilePath%\AppData\Local\Microsoft\Microsoft SQL Server Local DB\Instances\ADSync2019`. Alternatively, the [AD Sync Service Repair PowerShell](https://github.com/ADCTrevorRuppert/AD-Sync-Service-Repair) script can be used to automate the process.

Update the AD Connect client to a supported version, and run the Azure AD Connect UI to update the synchronisation engine.

## Convert on-site AD objectGUID to Azure AD ImmutableID

Use the PowerShell command below to convert the objectGUID of an on-site Active Directory object to the ImmutableID format used in Azure Active Directory (the Base64 encoding of the GUID's 16 raw bytes).

`[Convert]::ToBase64String([guid]::New("InsertGUID").ToByteArray())`

## Convert Azure AD ImmutableID to on-site AD objectGUID

Use the PowerShell command below to convert the ImmutableID stored on an Azure Active Directory user back to the objectGUID of the on-site Active Directory account.

`[Guid]([Convert]::FromBase64String("ImmutableID"))`
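As an added example (not from the original notes), the following PowerShell wraps the two one-liners above into helpers that validate the decoded value is really a 16-byte GUID and then check whether an on-premises objectGUID matches the ImmutableID stamped on an Entra ID user, which is the comparison to run before hard-matching or clearing an ImmutableID. The function names and the sample GUID are assumptions.

```powershell
# Added example, not part of the original notes. Function names are assumed.
function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    # ImmutableID is the Base64 encoding of the GUID's 16 raw bytes
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    $bytes = [Convert]::FromBase64String($ImmutableId)
    # Anything other than 16 bytes was not derived from an objectGUID
    # (e.g. a value set by hand or by a third-party provisioning tool)
    if ($bytes.Length -ne 16) {
        throw "ImmutableID decodes to $($bytes.Length) bytes, expected 16"
    }
    [guid]::new($bytes)
}

function Test-ImmutableIdMatch {
    param(
        [Parameter(Mandatory)][guid]$OnPremObjectGuid,
        [Parameter(Mandatory)][string]$EntraImmutableId
    )
    # Compare as GUIDs so Base64 padding or casing differences cannot mask a mismatch
    (ConvertFrom-ImmutableId $EntraImmutableId) -eq $OnPremObjectGuid
}

# Constructed sample value. In practice take ObjectGUID from
# (Get-ADUser <sam>).ObjectGUID and the ImmutableID from
# (Get-MgUser -UserId <upn> -Property OnPremisesImmutableId).OnPremisesImmutableId
$sampleGuid = [guid]'12345678-90ab-cdef-1234-567890abcdef'
$immutableId = ConvertTo-ImmutableId $sampleGuid
$immutableId
ConvertFrom-ImmutableId $immutableId
Test-ImmutableIdMatch -OnPremObjectGuid $sampleGuid -EntraImmutableId $immutableId
```

A `False` result means the cloud object is anchored to a different on-premises object (or to none), so Entra Connect will not soft-match it to the account you expect.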

## Clear ImmutableID from Entra ID object

n.b. The user will need to be cloud-only first. If there is still an active AD sync, the AD object will need to be moved outside the OUs synced by Entra Connect before the ImmutableID is cleared.

Install and import the Microsoft Graph Authentication and Users modules

```powershell
Install-Module Microsoft.Graph.Authentication
Install-Module Microsoft.Graph.Users
Import-Module Microsoft.Graph.Authentication
Import-Module Microsoft.Graph.Users
```

Connect to Entra ID with the required permissions

```powershell
Connect-MgGraph -Scopes "User.ReadWrite.All", "Domain.ReadWrite.All", "Directory.AccessAsUser.All"
```

Set the ImmutableID on the user object to null

```powershell
Invoke-MgGraphRequest -Method PATCH -Uri "https://graph.microsoft.com/v1.0/Users/<User UPN>" -Body @{OnPremisesImmutableId = $null}
```