Sometimes, as you are deploying ADFS, DirSync, Hybrid, etc., you might decide that you want to test ADFS with your tenant before you have DirSync in place (maybe you're waiting on a server, a firewall rule, etc.).
The script below lets you create a cloud user and populate its ImmutableID value from an on-premises user account.
Just run the script and provide the sAMAccountName of the on-premises object along with the UPN of the cloud object.
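# Update Cloud User with on-prem account ImmutableID for testing SSO
# Update-ManagedCloudUserWithOnPremUserObjectGuidAsImmutableID.ps1
#
# Looks up the on-premises user by sAMAccountName (DirectorySearcher's default
# SearchRoot, i.e. the current domain), converts its objectGUID to the Base64
# form used as ImmutableID, and writes that value onto the tenant user named by
# UPN. Supports -WhatIf / -Confirm because the write changes the tenant
# account's matching anchor; a mistake here points a cloud user at the wrong
# on-prem identity.
#
# Parameters:
#   $OnPremUser - sAMAccountName of the source on-prem user (used in an LDAP
#                 filter; escaped below so the value cannot alter the filter)
#   $TenantUPN  - UserPrincipalName of the tenant user to update
# Exit codes:
#   0 on success, 1 when the tenant user or the on-prem user cannot be resolved
#   to exactly one object
[CmdletBinding(SupportsShouldProcess = $true)]
param
(
    [Parameter(Position=0, Mandatory = $true, HelpMessage="Identify the SAMaccountName for the source on-prem user whose ObjectGUID you want to use")]
    [String] $OnPremUser,
    [Parameter(Position=1, Mandatory = $true, HelpMessage="Identify the Tenant user UserPrincipalName where you want to apply the new ImmutableID.")]
    [String] $TenantUPN
)

# Escape a value for use inside an LDAP search filter (RFC 4515). Backslash
# is replaced first so the escapes produced for the other characters are not
# themselves re-escaped.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory = $true)][String] $Value)
    return $Value -replace '\\', '\5c' `
                  -replace '\*', '\2a' `
                  -replace '\(', '\28' `
                  -replace '\)', '\29' `
                  -replace "`0", '\00'
}

# Connect to MSOnline
if (!(Get-Module -Name MSOnline)) { Import-Module MSOnline }
Connect-MsolService

# -ErrorAction SilentlyContinue turns "not found" into $null so the check
# below produces one clear message instead of a red cmdlet error plus ours.
if (!(Get-MsolUser -UserPrincipalName $TenantUPN -ErrorAction SilentlyContinue)) {
    Write-Error "UPN provided cannot be located in tenant."
    exit 1
}

# Same filter as before, but with the caller-supplied name escaped.
$filter = "(samaccountname=$(ConvertTo-LdapFilterValue $OnPremUser))"
$searcher = New-Object System.DirectoryServices.DirectorySearcher $filter
[void]$searcher.PropertiesToLoad.Add('objectGUID')

# FindAll() returns a disposable collection; read what we need, dispose, then
# act on the count so that zero or ambiguous matches fail loudly instead of
# indexing into an empty or multi-object result.
$results = $searcher.FindAll()
$matchCount = $results.Count
$guidBytes = $null
if ($matchCount -eq 1) {
    # SearchResult.Properties['objectGUID'][0] is the raw 16-byte GUID.
    $guidBytes = [byte[]]$results[0].Properties['objectGUID'][0]
}
$results.Dispose()
if ($matchCount -ne 1) {
    Write-Error "Expected exactly one on-prem user with sAMAccountName '$OnPremUser'; found $matchCount."
    exit 1
}

# ImmutableID is the Base64 encoding of the objectGUID's byte representation.
$userGuid = [Guid]$guidBytes
$immutableID = [System.Convert]::ToBase64String($userGuid.ToByteArray())
Write-Host $immutableID

# Honour -WhatIf / -Confirm before touching the tenant object.
if ($PSCmdlet.ShouldProcess($TenantUPN, "Set ImmutableID to $immutableID")) {
    Set-MsolUser -UserPrincipalName $TenantUPN -ImmutableId $immutableID
}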