How to Identify a Directory Synchronized User via O365 MSODS User Attribute

Posted on Updated on


In Office 365 Directory Synchronization is still the BEST option for managing both your online and on-premises users, contacts and groups. Office 365 determines whether an object is being managed by an on-premises Active Directory’s Directory Synchronization tool by the O365 MSODS sourceAnchor attribute. This attribute is calculated from the on-premises user’s Domain GUID, performing a double Base64 encoding procedure and synchronizing that into the cloud.

This sourceAnchor is NOT exposed via PowerShell or any other UI or tool, so it is very difficult to determine if an online object is being managed by DirSync other than whether an online object’s fields, such as name, telephone number, etc are grayed out and ready only.

In order to determine whether an online object is being managed via DirSync, a PowerShell connection into the Microsoft Online Directory Service (MSODS) environment and look specifically for ImmutableID, which is an exposable attribute that reflects the online user’s sourceAnchor.

Steps to Review Online User ImmutableID

  1. Download and install the Microsoft Online Services PowerShell for Windows
      1. x86:
      2. x64:


  2. Launch PowerShell and connect to Office 365 MSODS and query for an ImmutableID for
    $Cred=get-credential – [Microsoft Online Global Administrator creds] 
    Connect-MSOLService –Credential $cred 
    Get-MsolUser –UserPrincipalName | FL Immut*

Whatcha thinkin?

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s