Change ADconnect to disable Alternate Login ID
Good morning. We have a client that implemented ADConnect using Alternate Login ID because he was unwilling to change. Now, after he recognized the drawbacks, he changed the UPN. My question is: can I easily change ADConnect and ADFS back to use the standard UPN mapping, or do I have to completely remove the existing connection? If so, what will this do to the 120 migrated mailboxes, etc.?
6 Replies
- Mike Platvoet (Iron Contributor)
Hi Stefan,
If I understand correctly, then the required settings for UPN are set as well (@contoso.com) and you should be able to disable the alternate ID by running the following command:

Set-AdfsClaimsProviderTrust -TargetIdentifier "AD AUTHORITY" -AlternateLoginID $null -LookupForests $null
No additional settings are needed for ADConnect when disabling the Alternate ID.
See also https://technet.microsoft.com/en-us/library/dn659436.aspx
- Stefan Baumgarten (Copper Contributor)
Hi Mike,
Sorry to bring this thread up again. I am not only talking about the ADFS part but mainly the Azure AD Connect setting, which can only be specified during initial installation, as it seems. Any idea?
Stefan
- Mike Platvoet (Iron Contributor)
Hi Stefan,
AD Connect uses a couple of ways to match users from AD with AAD; even when reinstalling the product it tries to match users again with users that have already been synced previously. This is usually done with the immutable ID from AD, which is by default the ObjectGUID as SourceAnchor from AD. If you need to change the setup then I would recommend uninstalling AD Connect completely and then reinstalling it using the needed settings. Be sure to check the current configuration first and verify that the ObjectGUID is indeed the SourceAnchor.
If that is the case then you can proceed and uninstall AD Connect, then reinstall it again and select the needed Login ID settings.
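The checks the two replies describe, collected into one added example (this is not code from the thread or from Microsoft): confirm which attribute Azure AD Connect uses as SourceAnchor before uninstalling, look at whether Alternate Login ID is still set on the "AD AUTHORITY" claims provider trust in AD FS, and, per user, compute the ImmutableId that an ObjectGUID anchor produces (Base64 of the GUID bytes) so it can be compared with the tenant and the new UPN suffix can be confirmed. Assumptions: the ADSync module on the Azure AD Connect server, the ADFS module on the federation server, the ActiveDirectory module, the optional MSOnline module (connected with Connect-MsolService) for the cloud-side comparison, and the global-settings parameter name 'Microsoft.SynchronizationOption.AnchorAttribute' as documented for ADSync. The OU and the verified suffix 'contoso.com' are constructed placeholders.

```powershell
# Added example, not from the original thread. Run each function on the
# server that has the corresponding module (ADSync, ADFS, ActiveDirectory).

# 1. Azure AD Connect: which attribute is the sourceAnchor? Reinstalling with a
#    different anchor would not re-match the objects already synced, so this is
#    the first thing to confirm. Parameter name assumed from ADSync documentation.
function Get-SourceAnchorAttribute {
    Import-Module ADSync -ErrorAction Stop
    $p = (Get-ADSyncGlobalSettings).Parameters |
        Where-Object { $_.Name -eq 'Microsoft.SynchronizationOption.AnchorAttribute' }
    return $p.Value
}

# 2. AD FS: is Alternate Login ID still configured on the AD claims provider trust?
function Get-AlternateLoginIdState {
    Import-Module ADFS -ErrorAction Stop
    Get-AdfsClaimsProviderTrust -Identifier 'AD AUTHORITY' |
        Select-Object Name, AlternateLoginID, LookupForests
}

# 3. AD FS: clear Alternate Login ID (the command given in the first reply).
function Disable-AlternateLoginId {
    Import-Module ADFS -ErrorAction Stop
    Set-AdfsClaimsProviderTrust -TargetIdentifier 'AD AUTHORITY' `
        -AlternateLoginID $null -LookupForests $null
}

# 4. Per user: the ImmutableId Azure AD holds when ObjectGUID is the anchor is the
#    Base64 encoding of the GUID bytes. Compare it with the tenant (if MSOnline is
#    available) and check the on-premises UPN now carries the verified suffix.
function Test-UserAnchorAndUpn {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$VerifiedSuffix   # e.g. 'contoso.com' (placeholder)
    )
    $u = Get-ADUser -Identity $SamAccountName -Properties UserPrincipalName, mail
    $expectedImmutableId = [Convert]::ToBase64String($u.ObjectGUID.ToByteArray())

    $result = [pscustomobject]@{
        User                = $u.SamAccountName
        UPN                 = $u.UserPrincipalName
        UpnSuffixVerified   = ($u.UserPrincipalName -like "*@$VerifiedSuffix")
        ExpectedImmutableId = $expectedImmutableId
        CloudImmutableId    = $null
        AnchorMatches       = $null
    }

    # Optional cloud-side comparison; requires MSOnline and a prior Connect-MsolService.
    if (Get-Command Get-MsolUser -ErrorAction SilentlyContinue) {
        $cloud = Get-MsolUser -UserPrincipalName $u.UserPrincipalName -ErrorAction SilentlyContinue
        if ($cloud) {
            $result.CloudImmutableId = $cloud.ImmutableId
            $result.AnchorMatches    = ($cloud.ImmutableId -eq $expectedImmutableId)
        }
    }
    return $result
}

# Usage (placeholders: OU path and suffix are constructed for the example):
# Get-SourceAnchorAttribute          # expect objectGUID before a reinstall
# Get-AlternateLoginIdState          # AlternateLoginID/LookupForests should be empty afterwards
# Get-ADUser -Filter * -SearchBase 'OU=Migrated,DC=contoso,DC=local' |
#     ForEach-Object { Test-UserAnchorAndUpn -SamAccountName $_.SamAccountName -VerifiedSuffix 'contoso.com' } |
#     Where-Object { -not $_.UpnSuffixVerified -or $_.AnchorMatches -eq $false }
```

The last pipeline lists only the users that would be a problem after a reinstall: those whose UPN still does not end in the verified suffix, or whose cloud ImmutableId does not equal the Base64 ObjectGUID and therefore would not hard-match on the new installation.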