From 96368d0c7c74ac71f00c62b34884f5a9dbe54106 Mon Sep 17 00:00:00 2001
From: Corbin
Date: Sat, 18 Apr 2026 08:43:35 -0400
Subject: [PATCH] Add `Remove-OnPremImmutableId` script
---
m365/Remove-OnPremImmutableId.ps1 | 33 +++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100644 m365/Remove-OnPremImmutableId.ps1
diff --git a/m365/Remove-OnPremImmutableId.ps1 b/m365/Remove-OnPremImmutableId.ps1
new file mode 100644
index 0000000..d7ccba9
--- /dev/null
+++ b/m365/Remove-OnPremImmutableId.ps1
@@ -0,0 +1,33 @@
+param (
+ [Parameter(Mandatory=$true)]
+ [string]
+ $UserId
+)
+
+$VerbosePreference = 'Continue'
+
+Connect-MgGraph -NoWelcome -Scopes User.ReadWrite.All,Organization.Read.All
+
+$User = Get-MgUser -UserId $UserId -Property DisplayName,UserPrincipalName,Id,OnPremisesImmutableId | Select-Object -Property DisplayName,UserPrincipalName,Id,OnPremisesImmutableId
+
+Write-Host "User identified to remove is '$($User.DisplayName) ($($User.UserPrincipalName))'"
+do {
+ $Decision = Read-Host "Continue? (y/n)"
+ if ($Decision -cmatch '[Nn](?:o)?') { exit }
+} while ($Decision -cnotmatch '[Yy](?:es)?')
+
+Write-Host "Removing OnPremisesImmutableId..."
+Invoke-MgGraphRequest -Method PATCH -Uri "https://graph.microsoft.com/v1.0/Users/$($User.Id)" -Body @{OnPremisesImmutableId = $null}
+Write-Verbose "OnPremisesImmutableId: '$($User.OnPremisesImmutableId)' -> '$((Get-MgUser -UserId $UserId -Property OnPremisesImmutableId).OnPremisesImmutableId)'"
+
+Write-Host "Starting ADSync Delta sync... " -NoNewline
+try {
+ if ($Configuration.RemoteAdSync) {
+ Invoke-Command -ComputerName $Configuration.RemoteAdSyncComputerName -ScriptBlock { (Start-AdSyncSyncCycle -PolicyType Delta).Result }
+ } else {
+ (Start-AdSyncSyncCycle -PolicyType Delta).Result
+ }
+} catch {
+ Write-Host -ForegroundColor Red "Failed: $_"
+ break
+}
\ No newline at end of file
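Review bot: The confirmation loop in front of the Graph PATCH uses unanchored patterns, so any reply that merely contains a `y` and no `n` (for example `sorry`) is accepted as consent to a directory write; anchoring them, `if ($Decision -match '^n(o)?$') { exit }` and `} while ($Decision -notmatch '^y(es)?$')`, limits it to the intended answers. `$User` is also never checked before use, so if the lookup returns nothing the prompt shows an empty name and the PATCH is sent to `.../Users/` with no id; a guard such as `if (-not $User) { throw "No user found for '$UserId'" }` after the `Get-MgUser` line would stop that. `$Configuration` is not defined anywhere in this file, so unless the caller's scope supplies it the remote branch can never run and the sync is attempted locally. In the `catch`, `break` sits outside any loop and can unwind a loop in a calling script, so `exit 1` or `throw` is the safer way out. Nothing visible here reads organization data, so `Organization.Read.All` looks droppable from `-Scopes` to keep the delegated token as narrow as the task.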