Channel: Azure Active Directory forum

Change Source Anchor and Change Immutable ID - what is the correct way?


A previous member of staff has already set up Azure Active Directory Connect with successful synchronisation.

However, the Source Anchor chosen is the SamAccountName. And the SamAccountName can change if a user has a name change. And there may be the duplication of a SamAccountName in the event of a member of staff leaving, and a new member of staff with the same name starting soon after.

I believe that it is advisable to use the objectGUID as the Source Anchor, and so we are considering changing the Source Anchor.

Given that we have assigned O365 licenses to only 41 people so far (and nothing else assigned to make use of Azure AD), am I correct in thinking that this is the best way to change our Source Anchor?

a) Disable sync on Azure AD Connect.

b) Wait 72 hours, after which point the users in Azure AD will automatically have been converted to managed users.

c) Delete all Azure AD users apart from those that have an O365 license assigned.

d) For the remaining users in Azure AD, edit the ImmutableID attribute so that it matches the respective objectGUID for the AD account (which I believe needs to be performed via PowerShell as there is no way of doing this in a GUI).

e) Create a new instance of Azure AD Connect, where it is configured to have the Source Anchor as the objectGUID?

If there is any flaw in the above steps in the real world, then I would appreciate being made aware of it.
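
Step d) in the question depends on the ImmutableID form of an objectGUID, which is the base64 encoding of the GUID's 16-byte array. The following PowerShell is an added example, not part of the original post: it converts in both directions and builds a dry-run plan over constructed sample users. The function names, the sample data and the matching on UserPrincipalName are assumptions of the example.

```powershell
# Added example; all users and GUIDs below are constructed sample data.
function ConvertTo-ImmutableId {
    # ImmutableID form of an objectGUID: base64 of the GUID's 16-byte array.
    param([Parameter(Mandatory)][Guid]$ObjectGuid)
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    # Reverse mapping for verification; $null if the value is not a base64 GUID.
    param([Parameter(Mandatory)][string]$ImmutableId)
    try {
        $bytes = [Convert]::FromBase64String($ImmutableId)
        if ($bytes.Length -eq 16) { [Guid]::new([byte[]]$bytes) }
    } catch { $null }
}

function Get-AnchorPlan {
    # Pairs cloud users with AD users by UPN (an assumption of this example)
    # and reports what step d) would have to change for each one.
    param([object[]]$AdUsers, [object[]]$CloudUsers)
    $byUpn = @{}
    foreach ($u in $AdUsers) { $byUpn[$u.UserPrincipalName] = $u }
    foreach ($c in $CloudUsers) {
        $ad = $byUpn[$c.UserPrincipalName]
        $new = if ($ad) { ConvertTo-ImmutableId -ObjectGuid $ad.ObjectGuid }
        $action = 'Update'
        if (-not $ad) { $action = 'NoAdMatch' }
        # -ceq: base64 is case-sensitive, PowerShell's -eq is not.
        elseif ($new -ceq $c.ImmutableId) { $action = 'AlreadyMatches' }
        [pscustomobject]@{
            UserPrincipalName  = $c.UserPrincipalName
            CurrentImmutableId = $c.ImmutableId
            NewImmutableId     = $new
            Action             = $action
        }
    }
}

# Constructed stand-ins for an on-premises AD export and a cloud user export.
$adSample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@example.com'; ObjectGuid = [Guid]'0f8fad5b-d9cb-469f-a165-70867728950e' }
    [pscustomobject]@{ UserPrincipalName = 'bob@example.com';   ObjectGuid = [Guid]'7c9e6679-7425-40de-944b-e07fc1f90ae7' }
)
$cloudSample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@example.com'; ImmutableId = 'asmith' }
    [pscustomobject]@{ UserPrincipalName = 'bob@example.com';   ImmutableId = (ConvertTo-ImmutableId -ObjectGuid $adSample[1].ObjectGuid) }
    [pscustomobject]@{ UserPrincipalName = 'carol@example.com'; ImmutableId = 'cjones' }
)
Get-AnchorPlan -AdUsers $adSample -CloudUsers $cloudSample | Format-Table -AutoSize
```

Only rows marked `Update` would need a new ImmutableID written; `NoAdMatch` rows have no on-premises account to anchor to and need a decision before sync is re-enabled.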

