AAD Connect sync local mail attribute as cloud UPN
Hi Everyone,
During installation of Azure AD Connect and synching on-premise user accounts into my cloud tenant and matching these with already existing cloud-only accounts, I run into the problem that the on-premise UPN (custom built from name and surname) is set as cloud UPN and not the proxy/mail address of my test accounts.
I simply want AAD Connect to set the mail or proxyaddress (SMTP:...) attribute as UPN for the matched cloud accounts, which already have their mail address as UPN, but after synchronization these correct UPNs are gone.
The cloud domain is set up as upn suffix on-premise and the domain is verified in the tenant.
Is there any configuration I can change or adjust e.g. in the rules editor of AAD Connect or somewhere else which solves my problem?
I know that I can set the UPN via PowerShell to the correct one after sync, but this can't be the best way to do it.
Thanks in advance!
Julian
Why is that a problem? It's the expected behavior. If you want to customize this behavior, you have to play with the default sync rules.
Here's the logic used by the rules:
IIF(IsPresent([userPrincipalName]),[userPrincipalName], IIF(IsPresent([sAMAccountName]),([sAMAccountName]&"@"&%Domain.FQDN%),Error("AccountName is not present")))
In other words, if the UPN value is populated, it will use that. If the UPN value is not populated, the SamAccountName attribute is used, combined with the @ sign and the domain name.
- Aluca12 (Copper Contributor)
Hi Vasil, well, it's a problem because it's annoying to work around atm.
If there is an easy way to accomplish my goal without much effort, then I'll be happy, but currently I haven't found anything useful.
As I'm not familiar with these rules I haven't touched them yet.
If I understand you correctly I just need to change in your string the "userPrincipalName" to "mail" at the correct place?
Well, for one, "mail" is not the same as the primary SMTP address, and we don't really have a primarySMTPaddress attribute. And, modifying the default rules is not recommended, so you should create a separate one with lower priority: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-change-the-configuration
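Added example, not part of the thread or of Azure AD Connect itself: a PowerShell sketch that reproduces the default rule quoted above and compares its result with each account's `mail` value and primary SMTP address (the `proxyAddresses` entry with the upper-case `SMTP:` prefix), so you can see which accounts would get a different cloud UPN after sync. The sample accounts, the `example.com` names, `$DomainFqdn` and the function names `Get-DefaultRuleUpn` and `Get-PrimarySmtp` are constructed for illustration.

```powershell
# Constructed sample accounts (not from the thread). For real data, feed in the
# output of: Get-ADUser -Filter * -Properties mail, proxyAddresses
$DomainFqdn = 'corp.example.com'   # assumption: stands in for %Domain.FQDN%
$Users = @(
    [pscustomobject]@{ sAMAccountName = 'jdoe'; userPrincipalName = 'john.doe@example.com'
        mail = 'john.doe@example.com'
        proxyAddresses = @('SMTP:john.doe@example.com', 'smtp:jd@example.com') }
    [pscustomobject]@{ sAMAccountName = 'asmith'; userPrincipalName = 'anna.smith@example.com'
        mail = 'sales@example.com'   # mail points at a secondary alias
        proxyAddresses = @('smtp:sales@example.com', 'SMTP:a.smith@example.com') }
    [pscustomobject]@{ sAMAccountName = 'svc01'; userPrincipalName = $null
        mail = $null; proxyAddresses = @() }
)

function Get-DefaultRuleUpn {
    param($User, [string]$DomainFqdn)
    # Same order as the quoted rule: UPN if present, else sAMAccountName@FQDN, else error
    if ($User.userPrincipalName) { return $User.userPrincipalName }
    if ($User.sAMAccountName)    { return "$($User.sAMAccountName)@$DomainFqdn" }
    throw 'AccountName is not present'
}

function Get-PrimarySmtp {
    param($User)
    # -clike is case-sensitive: only the upper-case "SMTP:" entry is the primary address
    $primary = @($User.proxyAddresses) -clike 'SMTP:*' | Select-Object -First 1
    if ($primary) { $primary.Substring(5) }
}

$Users | ForEach-Object {
    $upn  = Get-DefaultRuleUpn -User $_ -DomainFqdn $DomainFqdn
    $smtp = Get-PrimarySmtp -User $_
    [pscustomobject]@{
        Account                = $_.sAMAccountName
        SyncedUpn              = $upn
        Mail                   = $_.mail
        PrimarySmtp            = $smtp
        UpnMatchesPrimarySmtp  = [bool]($smtp -and $upn -ieq $smtp)
        MailMatchesPrimarySmtp = [bool]($smtp -and $_.mail -ieq $smtp)
    }
} | Format-Table -AutoSize
```

Rows where `UpnMatchesPrimarySmtp` is false are the accounts whose matched cloud UPN would change under the default rule; rows where `MailMatchesPrimarySmtp` is false show why swapping in `mail` alone would not give the primary SMTP address.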