Forum Discussion
AD Connect passthrough authentication fails for some users
Thank you for your information on the behavior. The same seems to affect us. Where do you put the on-prem UPN in Azure AD? The corresponding field is deactivated and already filled with the on-prem UPN. Wasn't that the case with you?
Users can no longer log in here unless I change the Azure UPN to the email address instead of the onmicrosoft.com address.
I think we have the same problem but different causes. We have a non-routable on-prem domain "cpny.local" and a routable mail domain "company.com". Only when I select the "company.com" domain in the on-prem AD user settings and change the Azure AD UPN to the email address does login work. Curiously, that was not the case at the beginning, since onmicrosoft.com could remain as the Azure UPN.
Regards
Kriz
As far as I know, Passthrough Authentication uses the onPremisesUserPrincipalName mainly if the "Alternate Login" feature is enabled. In other cases it might not use this field.
Check what you have as UPN in your Azure AD and what your AD controllers understand as valid login name(s).
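
One way to carry out the comparison suggested in the last reply, as an added example that is not part of the thread: it lines up each account's on-prem UPN with its Azure AD UPN and flags the states described above. The function name, flag names, the tenant name `company.onmicrosoft.com` and the sample records are assumptions made for illustration.

```powershell
# Added example (not from the thread). With real data, build the two inputs from e.g.
#   Get-ADUser -Filter * | Select-Object SamAccountName, UserPrincipalName
#   Get-MgUser -All -Property userPrincipalName,onPremisesUserPrincipalName,onPremisesSamAccountName
function Compare-UpnRecord {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $OnPremUsers,
        [Parameter(Mandatory)] [object[]] $CloudUsers,
        [string[]] $RoutableSuffixes = @('company.com')   # domains verified in the tenant
    )
    # Index cloud accounts by the on-prem sAMAccountName they were synced from.
    $cloudBySam = @{}
    foreach ($c in $CloudUsers) {
        if ($c.OnPremisesSamAccountName) { $cloudBySam[$c.OnPremisesSamAccountName] = $c }
    }
    foreach ($u in $OnPremUsers) {
        $c      = $cloudBySam[$u.SamAccountName]
        $suffix = ($u.UserPrincipalName -split '@')[-1]
        $flags  = @()
        if ($RoutableSuffixes -notcontains $suffix) { $flags += 'OnPremSuffixNotRoutable' }
        if (-not $c) {
            $flags += 'NotFoundInAzureAD'
        } else {
            # String comparisons are case-insensitive by default, as UPNs are.
            if ($c.UserPrincipalName -like '*.onmicrosoft.com')          { $flags += 'CloudUpnOnMicrosoft' }
            if ($c.UserPrincipalName -ne $u.UserPrincipalName)           { $flags += 'CloudUpnDiffersFromOnPrem' }
            if ($c.OnPremisesUserPrincipalName -ne $u.UserPrincipalName) { $flags += 'SyncedOnPremUpnStale' }
        }
        [pscustomobject]@{
            Sam       = $u.SamAccountName
            OnPremUpn = $u.UserPrincipalName
            CloudUpn  = if ($c) { $c.UserPrincipalName } else { $null }
            Flags     = $flags -join ','
        }
    }
}

# Constructed sample records using the domains named in the thread.
$onPrem = @(
    [pscustomobject]@{ SamAccountName = 'alice'; UserPrincipalName = 'alice@cpny.local' }
    [pscustomobject]@{ SamAccountName = 'bob';   UserPrincipalName = 'bob@company.com' }
    [pscustomobject]@{ SamAccountName = 'carol'; UserPrincipalName = 'carol@company.com' }
)
$cloud = @(
    [pscustomobject]@{ OnPremisesSamAccountName = 'alice'; UserPrincipalName = 'alice@company.onmicrosoft.com'; OnPremisesUserPrincipalName = 'alice@cpny.local' }
    [pscustomobject]@{ OnPremisesSamAccountName = 'bob';   UserPrincipalName = 'bob@company.com';               OnPremisesUserPrincipalName = 'bob@company.com' }
    [pscustomobject]@{ OnPremisesSamAccountName = 'carol'; UserPrincipalName = 'carol@company.onmicrosoft.com'; OnPremisesUserPrincipalName = 'carol@company.com' }
)
Compare-UpnRecord -OnPremUsers $onPrem -CloudUsers $cloud | Format-Table -AutoSize
```

In the sample, `carol` is the case from the post above: the on-prem UPN already uses "company.com" while the Azure AD UPN is still the onmicrosoft.com address.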