Microsoft
MicrosoftThis evening we're experiencing a MSOnline "fire drill" where it is temporarily blocked to "help" us find places that will be broken in a month or two.
One of the PowerShell scripts I have that uses it updates UserPrincipalName for users, because back in the day the sync process wouldn't. I went to see if what Copilot told me about the sync configuration to get it flowing automatically was on track but I couldn't because while authenticating I got the message "An error occurred while executing the An error occurred while executing the 'Get-MsolUserRole' command. Access Denied. You do not have permissions to call this cmdlet. command. Learn more" (The broken-sounding message is faithfully reproduced here.)
We are running version 2.3.20.0 which https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/reference-connect-version-history#retiring-microsoft-entra-connect-2x-versions states is supported until October 7, 2025. I don't know how it can be supported if it relies on the MSOnline module that will be gone months before.
I've got other projects with deadlines, too. I don't need this kind of fire drill and this uncertainty.
A few months late on this reply, but yes I can confirm the Sync process will update UPNs now once you enable the Entra Directory sync feature for 'SynchronizeUpnForManagedUsersEnabled'. Instructions are located here: https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-syncservice-features#synchronize-userprincipalname-updates
You can also use the cmdlet Update-MgUser from Graph.Users module to update the UPN in the User.ReadWrite.All scope.
