Forum Discussion
C_the_S (Bronze Contributor)
Apr 19, 2017
Changing UPNs / Domains
We are going to be changing our company name, so this requires a new domain.
The new domain has been added to On-Prem AD and Office365.
On a test user we have changed the UPN to the new domain and Azure AD Connect returns this:
Unable to update this object in Microsoft Online Services, because the attribute FederatedUser.UserPrincipalName is not valid. Update the value in your local Active Directory
I found this article (https://support.microsoft.com/en-us/help/2669550/changes-aren-t-synced-by-the-azure-active-directory-sync-tool-after-you-change-the-upn-of-a-user-account-to-use-a-different-federated-domain) and we tried Method 2 and we get the same error.
When I try to run Method 1, I get this error for the first Set-AzureADUser command:
Set-AzureADUser : Error occurred while executing SetUser
Code: Request_BadRequest
Message: Property passwordProfile.password value is required but is empty or missing.
RequestId: xxxxxxxxxxxxxxxxx
DateTimeStamp: Wed, 19 Apr 2017 16:28:36 GMT
Details: PropertyName - passwordProfile.password, PropertyErrorCode - PropertyRequired
Since the support page doesn't mention having to have a PasswordProfile parameter, and I've found very, very little in regards to the command on the net, does anyone have any suggestions?
15 Replies
Seems you are trying to change between federated/managed domains, thus the error. A federated user does not have any password set in the service, so you need to perform some actions when converting it (similar to what Convert-MsolFederatedUser does). So this will not work for federated:
# Set-AzureADUser -ObjectId e53d644c-db69-4e19-a1ab-94bd1f5d11e4 -UserPrincipalName irestri@michevdev2.onmicrosoft.com
Set-AzureADUser : Error occurred while executing SetUser
Code: Request_BadRequest
Message: Property passwordProfile.password value is required but is empty or missing.

This will:

# $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
# $PasswordProfile.Password = "Password123"
# Set-AzureADUser -ObjectId e53d644c-db69-4e19-a1ab-94bd1f5d11e4 -UserPrincipalName irestri@michevdev2.onmicrosoft.com -PasswordProfile $PasswordProfile
- C_the_S (Bronze Contributor)
Sorry, but having to change a user's password is unacceptable.
Well IF you are changing between federated/managed auth, it's mandatory.
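An added example, not part of the replies above or of any Microsoft script: it checks the authentication type of both domains with Get-AzureADDomain and, only for the federated-to-managed case the reply describes, supplies a randomly generated throwaway password instead of a fixed literal such as "Password123". The function names and the sample UPNs in the usage comment are hypothetical; it assumes the AzureAD module and an existing Connect-AzureAD session.

```powershell
# Added example. Assumes the AzureAD module and an existing Connect-AzureAD session.
function New-ThrowawayPassword {
    # 18 bytes from the OS CSPRNG, base64-encoded (24 characters), plus a fixed
    # suffix so upper-case, lower-case, digit and symbol are always present.
    $bytes = New-Object byte[] 18
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    [Convert]::ToBase64String($bytes) + 'aA1!'
}

function Set-UpnFederatedToManaged {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $CurrentUpn,
        [Parameter(Mandatory)] [string] $NewUpn
    )
    $user    = Get-AzureADUser -ObjectId $CurrentUpn
    $oldType = (Get-AzureADDomain -Name ($CurrentUpn -split '@')[-1]).AuthenticationType
    $newType = (Get-AzureADDomain -Name ($NewUpn -split '@')[-1]).AuthenticationType

    # Only the case from the reply is handled; anything else is reported, not changed.
    if ("$oldType" -ne 'Federated' -or "$newType" -ne 'Managed') {
        Write-Warning "$CurrentUpn -> $NewUpn is $oldType -> $newType; no change made."
        return
    }

    # The password is never written to output, a variable in the caller, or a log.
    $passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
    $passwordProfile.Password = New-ThrowawayPassword

    if ($PSCmdlet.ShouldProcess($CurrentUpn, "Change UPN to $NewUpn with a random password")) {
        Set-AzureADUser -ObjectId $user.ObjectId -UserPrincipalName $NewUpn `
            -PasswordProfile $passwordProfile
    }
}

# Dry run with constructed sample UPNs:
# Set-UpnFederatedToManaged -CurrentUpn 'user@old.example' `
#     -NewUpn 'user@tenant.onmicrosoft.com' -WhatIf
```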
Hi Cary,
Are you changing in local Active Directory?
- C_the_S (Bronze Contributor)
We make the User changes in on-prem AD via ADUC.
Then the article's steps are done in Azure AD.
Hi Cary,
If you are syncing to Azure AD, your changes must first be on your AD.
This script could help you resolve your issue.
https://gallery.technet.microsoft.com/PowerShell-Script-to-Allow-6b251cb4