Forum Discussion
Changing UPNs / Domains
Hi Cary,
Are you changing it in local Active Directory?
We make the User changes in on-prem AD via ADUC.
Then the article's steps are done in Azure AD.
- Apr 19, 2017
Hi Cary,
If you are syncing to Azure AD, your changes must first be made in your AD.
This script could help you resolve your issue.
https://gallery.technet.microsoft.com/PowerShell-Script-to-Allow-6b251cb4
- C_the_S, Apr 19, 2017, Bronze Contributor
I've attempted to reply to this thread twice already but neither has shown up.
Want to thank you for the link as I modified their script and it worked.
And no VasilMichev, it did not require a password change for it to work. It just required running the proper PowerShell script which the Support document obviously doesn't have.
- Justin Baker, Apr 27, 2017, Copper Contributor
I ran into the same issue and this exchange helped me, but I'd like to add that, to me, the big difference between the MSOL cmdlets and the (new) Azure AD cmdlets is that the MSOL cmdlet will generate a password for your profile when running it and the AzureAD cmdlets do not.
In order to fix this issue you first have to change your UPN to match the default domain, for example @tenant.microsoft.com, which is an MS domain, and since that domain is not a federated one, the user account needs a password.
When setting the UPN to match the default domain using the MSOL cmdlets, I didn't get an error about the password profile being empty, which was great. The cmdlet worked; however, it returned a random 8-character alphanumeric word each time I executed it when the default domain (@tenant.microsoft.com) was part of the UPN. This leads me to believe the cmdlet is generating a password and setting it as part of its process for setting the UPN when no password exists in the profile, getting around the error that the Set-AzureADUser cmdlet throws when no password is set in the profile.
When you run the cmdlet the second time and set it to the federated domain name (it's a two-step process to fix this issue), the random 8-character alphanumeric word is not generated, which makes sense as the domain the UPN is using is now a federated one and the user will authenticate against your on-premises AD FS instance, not against an Azure-owned domain (aka the default domain).
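The two-step rename described in this reply, written out as an added example that is not part of the original thread or of Microsoft's support article. The MSOnline cmdlets (Connect-MsolService, Get-MsolUser, Get-MsolDomain, Set-MsolUserPrincipalName) are real; the parameter names, the pre-flight checks, the rollback logic and the placeholder UPNs and domains are my own assumptions for illustration.

```powershell
<#
Added example (not the thread's or Microsoft's code): a guarded version of the
two-step UPN rename federated domain -> managed initial *.onmicrosoft.com domain ->
federated domain. Assumptions: the MSOnline module is installed, the caller already
holds a role that may rename users, and every user/domain value is a placeholder.
#>
param(
    [Parameter(Mandatory)] [string]$OldUpn,   # current UPN, e.g. user@contoso.com
    [Parameter(Mandatory)] [string]$NewUpn,   # desired UPN, e.g. user@fabrikam.com
    [switch]$DryRun                           # print the plan, change nothing
)

Import-Module MSOnline -ErrorAction Stop
Connect-MsolService

# 1. The user must exist under the old UPN.
$user = Get-MsolUser -UserPrincipalName $OldUpn -ErrorAction Stop

# 2. Warn if the object is synced from on-prem AD: the earlier replies make the change
#    in ADUC first, and a cloud-only rename of a synced object is easy to get overwritten.
if ($user.ImmutableId) {
    Write-Warning "$OldUpn is directory-synced (ImmutableId set); change the UPN in on-prem AD first."
}

# 3. The target domain must be verified in this tenant.
$targetDomainName = ($NewUpn -split '@')[1]
$targetDomain = Get-MsolDomain -DomainName $targetDomainName -ErrorAction Stop
if ($targetDomain.Status -ne 'Verified') {
    throw "Domain $targetDomainName is not verified in this tenant (status: $($targetDomain.Status))."
}

# 4. The hop domain is the tenant's initial *.onmicrosoft.com domain, which is always
#    managed (password-authenticated), never federated.
$initialDomain = Get-MsolDomain | Where-Object { $_.IsInitial }
$hopUpn = '{0}@{1}' -f ($OldUpn -split '@')[0], $initialDomain.Name

Write-Host "Plan: $OldUpn -> $hopUpn -> $NewUpn"
if ($DryRun) { return }

# 5. First hop. As observed in the reply above, renaming into the managed domain can emit
#    a generated password; capture the output so it does not land in a transcript or log.
$generated = Set-MsolUserPrincipalName -UserPrincipalName $OldUpn -NewUserPrincipalName $hopUpn
if ($generated) { Write-Verbose 'A temporary password was generated during the first hop.' }
$generated = $null

# 6. Second hop into the target federated domain. If it fails, put the user back on the
#    original UPN rather than leaving them stranded on the hop domain.
try {
    Set-MsolUserPrincipalName -UserPrincipalName $hopUpn -NewUserPrincipalName $NewUpn | Out-Null
}
catch {
    Write-Warning "Second hop failed; rolling $hopUpn back to $OldUpn."
    Set-MsolUserPrincipalName -UserPrincipalName $hopUpn -NewUserPrincipalName $OldUpn | Out-Null
    throw
}

# 7. Confirm the rename stuck and that it is still the same object.
$after = Get-MsolUser -UserPrincipalName $NewUpn -ErrorAction Stop
if ($after.ObjectId -ne $user.ObjectId) {
    throw "ObjectId mismatch after rename; inspect $NewUpn manually."
}
Write-Host "Renamed $OldUpn to $NewUpn (ObjectId $($after.ObjectId))."
```

Run it once with -DryRun to see the planned hop before touching the account. The MSOnline module has since been deprecated by Microsoft in favour of Microsoft Graph PowerShell, where the equivalent rename is Update-MgUser -UserId <id> -UserPrincipalName <new>; the same federated-to-managed-to-federated hop and the same pre-flight checks apply.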
- C_the_S, Apr 19, 2017, Bronze Contributor
I modified the script that you showed me and fortunately it didn't require a password change.
Connect-MsolService
# Step 1: move the UPN from the federated domain to the tenant's managed *.onmicrosoft.com domain
Set-MsolUserPrincipalName -UserPrincipalName User@contoso.com -NewUserPrincipalName User@tenant.onmicrosoft.com
# Step 2: move it from the managed domain to the target federated domain
Set-MsolUserPrincipalName -UserPrincipalName User@tenant.onmicrosoft.com -NewUserPrincipalName User@fabrikam.com

That support article definitely needs updating!
- Caio_Bauab, Apr 25, 2017, Copper Contributor
Thanks!!!
- C_the_S, Apr 19, 2017, Bronze Contributor
Thanks, I'll give that one a look.