SOLVED

Using another UPN to login to Exchange Online

%3CLINGO-SUB%20id%3D%22lingo-sub-1718564%22%20slang%3D%22en-US%22%3EUsing%20another%20UPN%20to%20login%20to%20Exchange%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1718564%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%26nbsp%3B%3C%2FP%3E%3CP%3EOn%20my%20premise%2C%20users%20are%20using%20the%20UPN%20to%20login%26nbsp%3B%40mycompany.com%20%2C%20we%20have%20another%20small%20company%20called%20smallcom.com%2C%20in%20my%20premise%2C%20I%20added%20an%20extra%26nbsp%3B%20UPN%20for%20them%20so%20they%20can%20log%20in%20using%20%3CA%20href%3D%22mailto%3Aalias%40smallcom.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ealias%40smallcom.com%3C%2FA%3E%26nbsp%3Bas%20everything%20is%20hosted%20in%20my%20datacenter.%3C%2FP%3E%3CP%3EI%20am%20moving%20to%20Office%20365%2C%20and%20don't%20know%20how%20to%20add%20additional%20UPN%20to%20the%20user%20on%20my%20tenant%20as%20once%20I%20add%20the%20additional%20UPN%2C%20the%20login%20process%20keeps%20failing.%3C%2FP%3E%3CP%3ENote%3A%20I%20added%20the%20smallcom.com%20as%20domain%20and%20validate%20it.%3C%2FP%3E%3CP%3Eso%20is%20this%20a%20possible%20scenario%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1718564%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Server%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ehybrid%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOutlook%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1721057%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20another%20UPN%20to%20login%20to%20Exchange%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1721057%22%20slang%3D%22en-US%22%3E%3CP%3EThere's%20no%20such%20thing%20as%20additional%2Fextra%20UPN%20in%20Exchange%20Online.%20You%20should%20have%20no%20problem%20adding%20another%20domain%20and%20changing%20the%20user's%20UPN%20to%20match%20said%20domain%20though.%20And%20if%20needed%20you%20can%20redirect%20the%20sign-in%20process%20to%20on-premises%2C%20so%20that%20users%20keep%20the%20same%20login%20experience.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1724024%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20another%20UPN%20to%20login%20to%20Exchange%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1724024%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20the%20reply%2C%3C%2FP%3E%3CP%3EI%20have%20it%20already%20as%20Domain%20and%20I%20set%20the%20user%20to%20use%20this%20domain%20for%20login%20and%20I%20am%20using%20AD%20Connect%20Pass-through%2C%20so%20I%20assume%20all%20authentication%20are%20passing%20to%20my%20local%20AD.%20But%20still%20users%20from%20this%20domain%20keep%20failing%20to%20login...%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1724175%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20another%20UPN%20to%20login%20to%20Exchange%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1724175%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F790097%22%20target%3D%22_blank%22%3E%40farism%3C%2FA%3E%26nbsp%3BHello%2C%20perhaps%20this%20preview%20is%20applicable%20in%20your%20scenario%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%22This%20feature%20tells%20the%20Azure%20AD%20login%20servers%20to%20not%20only%20check%20the%20sign-in%20name%20against%20UPN%20values%2C%20but%20also%20against%26nbsp%3BProxyAddresses%26nbsp%3Bvalues%20for%20the%20email%20address.%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E'Sign-in%20to%20Azure%20Active%20Directory%20using%20email%20as%20an%20alternate%20login%20ID%20(preview)'%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-authentication-use-email-signin%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-authentication-use-email-signin%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1728135%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20another%20UPN%20to%20login%20to%20Exchange%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1728135%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F551905%22%20target%3D%22_blank%22%3E%40bec064%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3CP%3Ethats%20what%20I%20need%2C%20but%20the%20problem%20is%20its%20a%20Preview%2C%20and%20dont%20think%20its%20good%20to%20use%20it%20in%20production.%3C%2FP%3E%3CP%3EI%20dont%20know%20what%20is%20the%20road%20map%20for%20this%20feature..%3C%2FP%3E%3CP%3EDo%20you%20think%20its%20OK%20to%20use%20it%20%3F!%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hi, 

On my premise, users are using the UPN to login @mycompany.com , we have another small company called smallcom.com, in my premise, I added an extra  UPN for them so they can log in using alias@smallcom.com as everything is hosted in my datacenter.

I am moving to Office 365, and don't know how to add additional UPN to the user on my tenant as once I add the additional UPN, the login process keeps failing.

Note: I added the smallcom.com as domain and validate it.

so is this a possible scenario 

7 Replies
Highlighted

There's no such thing as additional/extra UPN in Exchange Online. You should have no problem adding another domain and changing the user's UPN to match said domain though. And if needed you can redirect the sign-in process to on-premises, so that users keep the same login experience.

Highlighted

@Vasil Michev 

Thanks for the reply,

I have it already as Domain and I set the user to use this domain for login and I am using AD Connect Pass-through, so I assume all authentication are passing to my local AD. But still users from this domain keep failing to login...

Highlighted
Best Response confirmed by farism (Occasional Contributor)
Solution

@farism Hello, perhaps this preview is applicable in your scenario?

 

"This feature tells the Azure AD login servers to not only check the sign-in name against UPN values, but also against ProxyAddresses values for the email address."

 

'Sign-in to Azure Active Directory using email as an alternate login ID (preview)'

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-use-emai...

@bec064 

Thanks

thats what I need, but the problem is its a Preview, and dont think its good to use it in production.

I dont know what is the road map for this feature..

Do you think its OK to use it ?!

Highlighted

@farism Hello, that sounds promising! Well, as it doesn't work now I know I should use it if it solves the issue, even if it's in preview. But obviously that's your call. Would you mind letting me know if you implement it and the outcome as well? Thanks.

Highlighted

@bec064 

I guess I will go for it and try it, as long as it wont effect the current ADSync and other things.. so if its only adding without effecting other thing, then yes.

what do you think :)

Highlighted

@farism Hello again! Try it in a test environment if you're worried some things might not function properly? Other than that go through the preview limitations https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-use-emai...

 

Good luck :)