Submit a request

Nerdio Help Center

How do I synchronize users in a pre-existing AD synched domain?

While moving a pre-existing IT environment to Nerdio, you may encounter a scenario where AD Sync has been enabled and is running in the pre-existing environment. Since AD Sync is already running, the users will be flagged as "Synced with Active Directory" in Office 365. Follow the steps below to import users from such an environment in to Nerdio.

If you haven't connected to O365 yet, you'll need to complete that step first. You can do this by following the instructions found here

Nerdio Tip
  • IMPORTANT: The procedure below only applies if the existing user objects are "Synced with Active Directory". You should consult with a Nerdio onboarding engineer if your scenario is even slightly different or if you have any questions. You may need to leverage Nerdio’s Hybrid AD feature.


Step I: Prepare pre-existing environment

Complete the following on steps in the pre-existing environment:

  1. Stop dir sync on Office 365 account. You can issue the following command using Powershell:
    Set-MsolDirSyncEnabled -EnableDirSync $false
  2. Stop and disable AAD Sync service in the current domain.
  3. Wait for Office 365 users to show users as "In Cloud" instead of "Synced with Active Directory". This can take up to an hour.
  4. Run the script below to clear Immutable IDs. Note you must set $custDomain to users' primary domain.
    $custDomain = "*"
    $syncedUsers = Get-MSOLUser | Where {($_.userprincipalname -like $custDomain) -and ($_.ImmutableID -ne $null)}
    foreach ($user in $syncedusers){
    Set-MSOLUser -Userprincipalname $user.userprincipalname -immutableid "$null"
  5. Once the previous step completes, verify that primary primary domain is listed in NAP.
    1. Go to Onboard - Domains and make sure your domain is listed on the screen.
    2. Click button "Set as default" to set your domain as the default for when users are added to Nerdio.
  6. Enable AD Sync in Office 365 and allow the sync to complete its first run. This can take several minutes or longer. 
    Set-MsolDirSyncEnabled -EnableDirSync $true

This completes step I. Now when new users are created in NAP, they will match to the Office 365 account automatically.

Step II: Complete standard on-boarding process

Now that users are flagged as "In cloud", you may proceed with the standard on-boarding process documented in this KB article.


Was this article helpful?
0 out of 0 found this helpful


Please sign in to leave a comment.