
How to prepare existing users in your Microsoft 365 domain for federation to RM Unify
Published Date : 13 Aug 2013   Last Updated : 10 Apr 2024   Content Ref: TEC3426861  





Symptoms

RM Cloud Service Delivery can assist you with your Microsoft® 365™ federation. For further information, please speak to your Sales representative on 01235 645 316 or email getintouch@rm.com, quoting this article.


You already have a Microsoft 365 domain populated with user accounts. Those user accounts are most likely configured with OnPremisesImmutableIds (unique references) which have come from the previous Microsoft 365 provisioning method, e.g. Azure AD Connect. These need to be removed in advance of the domain's federation to RM Unify, as RM Unify will be populating the Microsoft 365 accounts with its own IDs.

If the OnPremisesImmutableId property is not empty for your desired users, the RM Unify federation will fail. The federation will also fail if the Microsoft 365 domain federation settings are already set to Federated, rather than the required Managed.



Cause

You may have already started the Microsoft 365 federation wizard from the App Library and progressed to the point of the compatibility checks, where the 'Domain available for SSO federation to RM Unify' check has failed.


Requirements

  1. A Microsoft 365 global administrator account with a username on the '.onmicrosoft.com' domain, e.g. JSmith@SchoolA.onmicrosoft.com. If no global administrator account exists on your 'onmicrosoft.com' domain, please add a new user to meet the requirements by following this article - Add users and assign licenses - Microsoft 365 admin | Microsoft Docs.
  2. Access to a computer with the Microsoft Graph PowerShell SDK installed. See here for more details on prerequisites and how to install the module.
  3. A downloaded copy of the PowerShell script, which can be found in DWN3444137 in the Other Useful Articles section below.


Procedure

This is the process to be followed for running the PowerShell script, which will unfederate the Microsoft 365 domain and clear the OnPremisesImmutableId property of all users.

  1. Open a new PowerShell window and change the folder location to where you copied the script file.
  2. Run the script file.
  3. When prompted, enter your Microsoft 365 domain name - this is the domain which holds your Microsoft 365 user accounts.
  4. When prompted, enter your Microsoft 365 domain administrator credentials. If the details entered are correct, the script will unfederate your Microsoft 365 domain and start clearing the OnPremisesImmutableIds of all users. For 1000 users this may take approximately 20 minutes.
  5. Wait until the script runs to completion.
  6. Once completed, you will see the message "Success - OnPremisesImmutableId cleared for <count> users".
  7. If your domain is already unfederated, you will get the message "Domain <domain> is not federated. Do you still want to proceed with clearing user OnPremisesImmutable ID? Please enter y/n.".
  8. Press 'y' if you want to proceed with clearing those OnPremisesImmutableIds, or 'n' to quit.

Important: After running the PowerShell script, you must wait for at least an hour before starting the Microsoft 365 wizard. This is to allow the changes to propagate around the Microsoft systems.
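
A read-only check that can be run before starting the wizard, covering the two conditions this article says cause the federation to fail (domain not Managed, OnPremisesImmutableId still set). This is an added example, not RM's script from DWN3444137; the function name, the `school.example` domain, the sample users and the use of OnPremisesSyncEnabled to flag accounts that are still directory-synced are assumptions.

```powershell
# Added example (not RM's script): evaluates domain and user objects and
# reports whether the two federation blockers described above are cleared.
function Test-FederationReadiness {
    param(
        [Parameter(Mandatory)] $Domain,          # needs Id and AuthenticationType
        [Parameter(Mandatory)] [object[]] $Users # needs UserPrincipalName, OnPremisesImmutableId, OnPremisesSyncEnabled
    )
    $suffix = "@$($Domain.Id)"
    # Only accounts whose UPN is on the domain being federated are relevant.
    $inDomain = @($Users | Where-Object {
        $_.UserPrincipalName -and
        $_.UserPrincipalName.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)
    })
    # Blocker 1: any account that still carries an OnPremisesImmutableId.
    $withId = @($inDomain | Where-Object { -not [string]::IsNullOrEmpty($_.OnPremisesImmutableId) })
    # Assumption: accounts flagged as sync-enabled are the ones that must be
    # converted to cloud accounts before the ID can be cleared.
    $synced = @($withId | Where-Object { $_.OnPremisesSyncEnabled -eq $true })
    # Blocker 2: the domain must be Managed, not Federated.
    $managed = ($Domain.AuthenticationType -eq 'Managed')

    [pscustomobject]@{
        Domain               = $Domain.Id
        AuthenticationType   = $Domain.AuthenticationType
        DomainIsManaged      = $managed
        UsersChecked         = $inDomain.Count
        UsersWithImmutableId = @($withId.UserPrincipalName)
        StillDirectorySynced = @($synced.UserPrincipalName)
        Ready                = $managed -and ($withId.Count -eq 0)
    }
}

# Constructed sample data so the function can be tried offline.
$sampleDomain = [pscustomobject]@{ Id = 'school.example'; AuthenticationType = 'Federated' }
$sampleUsers = @(
    [pscustomobject]@{ UserPrincipalName = 'a.pupil@school.example';   OnPremisesImmutableId = 'CONSTRUCTED-ID-1'; OnPremisesSyncEnabled = $true  }
    [pscustomobject]@{ UserPrincipalName = 'b.teacher@school.example'; OnPremisesImmutableId = $null;              OnPremisesSyncEnabled = $null  }
    [pscustomobject]@{ UserPrincipalName = 'admin@school.onmicrosoft.com'; OnPremisesImmutableId = $null;          OnPremisesSyncEnabled = $null  }
)
Test-FederationReadiness -Domain $sampleDomain -Users $sampleUsers | Format-List

# Against a live tenant (Microsoft Graph PowerShell SDK, read-only scopes):
# Connect-MgGraph -Scopes 'Domain.Read.All','User.Read.All'
# $d = Get-MgDomain -DomainId 'school.example'
# $u = Get-MgUser -All -Property 'userPrincipalName,onPremisesImmutableId,onPremisesSyncEnabled'
# Test-FederationReadiness -Domain $d -Users $u | Format-List
```

Because changes take time to propagate, a result of `Ready = True` does not replace the one-hour wait described above.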



Possible Issues

Troubleshooting
  1. If you see an error message like "This domain does not exist. Check the name and try again.", verify the domain name you entered for typos and try again.
  2. If you see an error message like "The user name or password is incorrect. Verify your user name, and then type your password again.", verify the credentials you entered and try again.
  3. If you see an error message like "OnPremisesImmutableID can't be removed as this account is a local account and not a cloud account", the account is/was previously synced with your AD using Azure AD Connect. Microsoft prevents removal of OnPremisesImmutableID where it believes the account is still AD-Synced. Please convert the affected M365 accounts to cloud accounts.


Other Useful Articles

Microsoft PowerShell script to prepare existing M365 users (DWN3444137)



