Forum Discussion
End User OWA and Office 365 Suite Credentials Inconsistent
We have an on prem AD that is connected to O365 using Azure AD Sync. One of our end users is having issues with their log-in credentials. In AD we changed their Primary and the User Logon Name email to a different naming scheme. This was propagated over to O365 and the admin portal reflects this change. They are able to log into the OWA with the new credentials. Although on their local computer Outlook and other programs in the Office 365 suite does not want to accept the new credentials. They still accept the old which should not still be associated with the account. I tried to see if it was possibly a credential storing issue on that computer. Although I am able to replicate the issue on multiple computers that have a fresh install of windows and O365 so that wouldn't be the case.
This whole issue has me baffled, not only that their is 2 different usernames being used, but that the old user name is still able to be used at all. Along with changing the password works for both usernames. I really don't want to resort to re-setting the entire account, but i feel like that is what it is boiling down too.
Any thoughts?
12 Replies
Did you change the UPN to a new federated domain suffix? Like from john@contoso.com to john@fabrikam.com?
If yes, please have a look at this article: https://support.microsoft.com/en-us/help/2669550/changes-aren-t-synced-by-the-azure-active-directory-sync-tool-after-yo
If no, could your please describe your problem a little bit more in detail with some examples of changes you did?
I did not change the domain name. To explain it a bit better the reason for changing the UPN was to make it consistent. We have been using the naming scheme FirstInitialLastName@Domain.com in the past and then more recently firstname.lastname@domain.com . We have been having issues with the inconsistency and end users not knowing which naming scheme they have so I wanted to start making everyone consistent. I updated around 15 users on the old naming method to the new naming method and all but 1 had no issue.
The steps i toke to change them was changing the account "User Logon Name:" on the AD User's Properties, as well as changing the proxyaddress. I then synced the user to Office 365. Inside of the Office 365 admin portal the user has the correct UPN. They are only able to log into the OWA with the new address. As well as the Outlook app on their Iphone. The old FirstInitialLastName@Domain.com would no longer work. Although on the computer side Outlook will not take firstname.lastname@domain.com and will only accept the old FirstInitialLastName@Domain.com . At first I thought this might have been a bug with the stored credentials. Although after clearing them that did not sold the problem. I proceeded to removing the account from the computer via Control Panel/User Accounts/Mail (Microsoft Outlook 2016) still not dice it will only accept the old FirstInitialLastName@Domain.com even on account set-up. I attempted this again on a separate computer that was just set-up as well as our Remote Desktop environment. And it still will only use the old FirstInitialLastName@Domain.com and will not take the new firstname.lastname@domain.com.
I even had the user attempt to change their AD password. The new password synchronized with Office 365 as normal, but it still only lets them use the old UPN to log into Outlook on their computer.
Somewhere something would to have to have gone wrong as the other users I did this to are not having this issue. Although I can't seem to find any huge difference in the accounts. It just doesn't make sense to me why the OWA and Outlook Phone app would be correct but the computer side outlook isn't.
That's weird because OWA and mobile phone is working properly. I assume you are using password hash synchronization with AAD Connect, so no authentication issue should occour on-premises.
I would try to change the UPN a second time back to the old one, perform a full synchronization, change it back to the new one and perform a full synchronization. But it seems to be a client issue because OWA is working fine.
What happens if you create a new Outlook profile with the new UPN? When modern authentication is enabled, the primary smtp address should be already filled in the user name field.
- If the change done in the local AD is correct, then when propagated to Office 365 it should not cause any problem...just to be sure: did you properly update the following AD attributes: UPN, ProxyAddresses?
The userPrincipalName and Proxyaddresses SMTP are both reflecting the proper username that they are able to log into the OWA with. They are not able to log into Outlook with this and have to use the previous UPN to get into outlook. These changes were made on December 28th.
I did notice that this in this users Proxyaddresses they did not have an SIP set. This might be the issue and I am trying that now.
Adding the SIP did not solve the issue. Back to square one.
