How it works...
In hybrid identity, where Active Directory and Azure AD work together, an attribute needs to be agreed upon to be the end-to-end identifier. In some synchronization solutions, this attribute is called the ImmutableId. In Azure AD Connect, it's called the sourceAnchor.
For synchronization purposes, this attribute needs to be immutable, meaning it doesn't change during the lifetime of an object, and unique. That's why an email address or surname make for bad sourceAnchor attributes: the email address might change when someone gets married. A surname might not be unique throughout the organization.
Beyond immutability and uniqueness, the attribute value for a sourceAnchor attribute must be fewer than 60 characters in length; ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access