Change the ImmutableID for an Office 365 Mailbox

The immutableID is what ties an on-premises AD user object to an Office 365 mailbox. The immutableID is really a Base64-encoded version of the Active Directory user object’s objectGUID attribute.

Because the GUID is generated by the system and cannot be changed, you will have to update the immutableID in Office 365 in the event that the AD object’s GUID changes. This could happen during a forest/domain consolidation or a migration to a new AD environment.

Assuming that a new user has been created with the same userPrincipalName, the following script should create a new immutableID based on the objectGUID and update the Office 365 account. This script requires the “Microsoft Online Services Module for PowerShell” and the “Active Directory PowerShell Module” to be imported.

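Import-Module ActiveDirectory   # Active Directory PowerShell Module
Import-Module MSOnline          # Microsoft Online Services Module for PowerShell
Connect-MsolService             # sign in to Office 365 before calling Set-MsolUser

$cn = "<username>"              # common name of the new AD user object
$guid = (Get-ADUser -Filter {cn -eq $cn} -Properties objectGUID).objectGUID
$upn = (Get-ADUser -Filter {cn -eq $cn}).UserPrincipalName
$ImmutableID = [System.Convert]::ToBase64String($guid.ToByteArray())   # Base64 of the 16 GUID bytes

Set-MsolUser -UserPrincipalName $upn -ImmutableId $ImmutableID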
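
The script above overwrites the immutableID without looking at what the account currently holds. As an added example (not part of the original post), the helpers below decode an immutableID back into a GUID so it can be compared with an AD object's objectGUID before and after the change; the function names and sample GUIDs are constructed for illustration.

```powershell
# Added example: helper names and sample GUIDs are constructed, not from the post.

function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    # ToByteArray() writes the first three GUID fields little-endian, so the
    # Base64 text is not a direct encoding of the GUID's printed hex digits.
    [System.Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    try {
        $bytes = [System.Convert]::FromBase64String($ImmutableId)
    } catch {
        throw "ImmutableID '$ImmutableId' is not valid Base64."
    }
    # A value derived from objectGUID always decodes to exactly 16 bytes.
    if ($bytes.Length -ne 16) {
        throw "ImmutableID decodes to $($bytes.Length) bytes, expected 16."
    }
    [guid]::new([byte[]]$bytes)
}

function Test-ImmutableIdMatch {
    param(
        [Parameter(Mandatory)][guid]$ObjectGuid,
        [Parameter(Mandatory)][string]$ImmutableId
    )
    (ConvertFrom-ImmutableId -ImmutableId $ImmutableId) -eq $ObjectGuid
}

# Constructed sample values standing in for the old and new AD objects.
$oldGuid = [guid]'00112233-4455-6677-8899-aabbccddeeff'
$newGuid = [guid]'0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0'

# What the Office 365 account would hold while still tied to the old object.
$cloudId = ConvertTo-ImmutableId -ObjectGuid $oldGuid

# Round trip: decoding the immutableID yields the old object's GUID again.
ConvertFrom-ImmutableId -ImmutableId $cloudId

# Before the update the cloud value matches the old object, not the new one.
Test-ImmutableIdMatch -ObjectGuid $oldGuid -ImmutableId $cloudId
Test-ImmutableIdMatch -ObjectGuid $newGuid -ImmutableId $cloudId
```

Against a live tenant, pass (Get-MsolUser -UserPrincipalName $upn).ImmutableId and the objectGUID returned by Get-ADUser in place of the sample values.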