Exchange Online Soft Match

Soft match is a concept used when matching a cloud user with an on-premises Active Directory user. It is typically used when a local user of an organization already has an Office 365 or Azure AD account and the on-premises AD user needs to be mapped to that cloud account.

Soft match is performed automatically by Azure AD Connect and usually compares the UserPrincipalName (UPN) attribute of the cloud user with the UPN attribute of the on-premises AD user. If the two attributes match, the users are considered a soft match and Azure AD Connect treats them as the same user.

One of the most common scenarios for this is when an organization has previously created Office 365 users and then sets up a local Active Directory. In this case, local users and cloud users can be matched using the soft match method.

There are some prerequisites for soft match to work:

  1. The UPNs in the local AD and in Azure AD need to match.
  2. When Azure AD Connect tries to soft match the local AD user to the cloud user, the local user should not have the ImmutableID attribute. If the local user has an ImmutableID, Azure AD Connect tries to do a hard match instead.
  3. The Display Name, Mail and ProxyAddress attributes must match.

*Note: All 3 of the attributes above must have the same value as on the cloud object.

Soft match provides a convenient and flexible way for an organization to match and manage cloud and local users. However, to ensure that users are matched correctly, it is important to ensure that Azure AD Connect is configured properly and that the local and cloud users' UPNs are set correctly.


Pay particular attention to the ProxyAddress attribute: all the SMTP addresses defined in Azure AD must be entered there. The uppercase "SMTP" prefix marks the default primary address, while the lowercase "smtp" prefix marks alias addresses.
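A pre-sync check for the three prerequisites above, including the SMTP/smtp prefix rule for ProxyAddress, written here as an added example that is not part of the original article. The function name Test-SoftMatchReadiness, the ImmutableId property on the input object and the contoso.example sample users are assumptions made for illustration.

```powershell
# Added example; function name, object shape and sample users are constructed.
function Test-SoftMatchReadiness {
    param(
        [Parameter(Mandatory)] [psobject] $OnPremUser,
        [Parameter(Mandatory)] [psobject] $CloudUser
    )
    $issues = [System.Collections.Generic.List[string]]::new()

    # Prerequisites 1 and 3: UPN, Display Name and Mail must hold the same value on both sides.
    foreach ($attr in 'UserPrincipalName', 'DisplayName', 'Mail') {
        if ($OnPremUser.$attr -ne $CloudUser.$attr) {
            $issues.Add("$attr differs: '$($OnPremUser.$attr)' vs '$($CloudUser.$attr)'")
        }
    }
    # Prerequisite 2 as stated above: with an ImmutableID present, a hard match is attempted.
    if ($OnPremUser.ImmutableId) {
        $issues.Add('ImmutableId is set, so a hard match will be attempted')
    }
    # Keep the prefix case (SMTP: primary, smtp: alias); ignore case in the address part.
    $normalize = {
        param($addr)
        $prefix, $rest = $addr -split ':', 2
        "${prefix}:" + ([string]$rest).ToLowerInvariant()
    }
    $local = @($OnPremUser.ProxyAddresses | ForEach-Object { & $normalize $_ })
    foreach ($addr in $CloudUser.ProxyAddresses) {
        if ($local -cnotcontains (& $normalize $addr)) {
            $issues.Add("Cloud address '$addr' is missing on-premises or has a different prefix case")
        }
    }
    return $issues
}

# Constructed sample objects. The local one mirrors what
# Get-ADUser -Properties DisplayName, Mail, proxyAddresses returns.
$onPrem = [pscustomobject]@{
    UserPrincipalName = 'jane.doe@contoso.example'
    DisplayName       = 'Jane Doe'
    Mail              = 'jane.doe@contoso.example'
    ImmutableId       = $null
    ProxyAddresses    = @('SMTP:jane.doe@contoso.example', 'smtp:jdoe@contoso.example')
}
$cloud = $onPrem.PSObject.Copy()
$cloud.ProxyAddresses = $onPrem.ProxyAddresses + 'smtp:jane@contoso.example'

$result = @(Test-SoftMatchReadiness -OnPremUser $onPrem -CloudUser $cloud)
if ($result.Count -eq 0) { 'Ready for delta sync' } else { $result }
```

With the sample data the cloud object carries one alias that is missing on-premises, so the check reports that address rather than reporting readiness.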

After completing the necessary checks, we need to import the Azure AD Connect (ADSync) module with PowerShell.

Import-Module ADSync


Then we can sync the changes by starting the Delta sync process.

Start-ADSyncSyncCycle -PolicyType Delta


After these operations, you can see in the portal that the user is synced. The password you created in the cloud will no longer be valid, and the password from the on-premises AD will apply.

