Obtaining your ImmutableID the easy way because hard matching is a nightmare

Imagine your company has just been bought by another organization. The acquiring company wants you using Office 365 services as quickly as possible, so they create a Cloud Only Account for you to leverage their existing tenant. Now imagine you are 12 months into the acquisition and you want to have a single sign-on experience for your end-users.

Now you have a dilemma on your hands, as your primary user principal name (UPN) on-premises is different from your UPN in the Azure Tenant.


What did I do??

You engage your Windows PowerShell Console in Administrator Mode and teleport in the Get-ImmutableID.ps1 PowerShell script.

New Features coming soon!!

With this script, you are able to download all the ImmutableIDs from your local Active Directory into a single CSV file to your desktop.

Please Note:

If there are additional fields you would like to see in this script, please submit an update via Github or email alerts@blogabout.cloud

You will need some manual intervention to match your on-premises AD Users and AAD Users, but once this is complete you will be able to run the following script to set the ImmutableID in your Azure Active Directory.

PowerShell Script

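#region File Path
# Get-Filename is a helper function that is not shown on this page; it is expected
# to return the path of the CSV file you select.
$Filepath1 = Get-Filename -initialdirectory "$env:USERPROFILE\desktop"
$csv1 = Import-Csv -Path $Filepath1
#endregion

# Record everything the run does to a transcript on the desktop
Start-Transcript "$env:USERPROFILE\desktop\SetAllUserAADtest.txt"

ForEach ($user in $csv1) {
    try {
        # -ErrorAction Stop turns a missing user into an error the catch block handles
        Get-AzureADUser -ObjectId $user.PrimarySMTPAddress -ErrorAction Stop | Out-Null
        Set-AzureADUser -ObjectId $user.PrimarySMTPAddress -ImmutableId $user.ImmutableID -ErrorAction Stop
        Write-Host "Success:",$user.PrimarySMTPAddress,"was found and set with",$user.ImmutableID -BackgroundColor DarkGreen
    }
    catch {
        Write-Host "ERROR:",$user.PrimarySMTPAddress,"could not be found or updated" -BackgroundColor DarkRed
    }
}

Stop-Transcript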


While this is tried and tested in my own deployments, I am unable to take responsibility for any potential issues you may encounter. Keep safe with responsible scripting, always test in a lab environment first.
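
A pre-flight check for the manually matched CSV, as an added example that is not part of the original post or the author's script: it flags rows whose ImmutableID does not decode to a 16-byte GUID, and values that appear on more than one row, before the Set-AzureADUser loop runs. The function name Test-ImmutableIdCsv and the sample rows are assumptions, and it assumes the ImmutableIDs were exported as the base64 form of the on-premises objectGUID; the column names are the ones the script above reads.

```powershell
# Added example: validate the matched CSV before any Set-AzureADUser call.
# Assumes the two columns the script reads: PrimarySMTPAddress, ImmutableID.
function Test-ImmutableIdCsv {
    param([Parameter(Mandatory)][object[]]$Rows)

    $problems = [System.Collections.Generic.List[object]]::new()
    $line = 1   # the header is line 1 of the CSV, the first data row is line 2
    foreach ($row in $Rows) {
        $line++
        $addr = "$($row.PrimarySMTPAddress)".Trim()
        $id   = "$($row.ImmutableID)".Trim()

        if (-not $addr) {
            $problems.Add([pscustomobject]@{ Line = $line; Value = $addr; Problem = 'PrimarySMTPAddress is empty' })
        }
        # Assumption: the ImmutableID is base64 of a 16-byte GUID (objectGUID).
        try {
            $bytes = [Convert]::FromBase64String($id)
            if ($bytes.Length -ne 16) { throw 'wrong length' }
        }
        catch {
            $problems.Add([pscustomobject]@{ Line = $line; Value = $addr; Problem = 'ImmutableID is not base64 of a 16-byte GUID' })
        }
    }
    # One anchor or address on two rows would bind two accounts to one identity.
    # Addresses compare case-insensitively; base64 values are case-sensitive.
    foreach ($col in 'PrimarySMTPAddress', 'ImmutableID') {
        $Rows | Where-Object { $_.$col } |
            Group-Object -Property $col -CaseSensitive:($col -eq 'ImmutableID') |
            Where-Object Count -gt 1 |
            ForEach-Object {
                $problems.Add([pscustomobject]@{ Line = $null; Value = $_.Name; Problem = "Duplicate $col on $($_.Count) rows" })
            }
    }
    return $problems
}

# Constructed sample rows (not real accounts); in practice pass the output of Import-Csv.
$sample = @'
PrimarySMTPAddress,ImmutableID
alice@example.com,AAAAAAAAAAAAAAAAAAAAAA==
bob@example.com,AAAAAAAAAAAAAAAAAAAAAA==
carol@example.com,not-base64
dave@example.com,AQEBAQEBAQEBAQEBAQEBAQ==
'@ | ConvertFrom-Csv

Test-ImmutableIdCsv -Rows $sample | Format-Table -AutoSize
```

An empty result means the file passed these checks; it does not confirm that each row pairs the right on-premises user with the right cloud account, which still needs the manual review described above.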

The Author – Blogabout.Cloud

Require BitLocker -2016345708 (Syncml(404): The requested target was not found)

Hello Reader,
During a Windows 10 pilot roll-out, I ran into an issue where the Device Compliance Policy showed an error for Require BitLocker even though Encryption of data storage on the device was compliant.


This issue was being caused by the PCR7 Configuration stating “Binding Not Possible”. The resolution is to UPDATE YOUR BIOS!! The devices were newly purchased but required an urgent patch to their BIOS.

Required Steps

  • Decrypt/suspend BitLocker in order to install the latest firmware.
  • Install the BIOS update
  • Reboot device
  • Turn on BitLocker

Once the device has again checked in for its Device Compliance Policy, both Encryption of data storage on the device and Require BitLocker should be compliant.

The Author – Blogabout.Cloud