Microsoft Tech Community

New feature "Invite internal users to B2B collaboration" blocked due to onPremisesUserPrincipalName


The conversion of internal users to B2B users also works in the hybrid scenario according to the article. But in many organisations, the onPremisesUserPrincipalName is filled in Azure AD due to the sync. The conversion gets blocked because of it. Does anyone know why? What makes this attribute special?

Error message says:

"code": "BadRequest",
"message": "The user can't be migrated to external user as the user object has value assigned to OnPremisesUserPrincipalName property.

This feature is still in preview; you can find it here: https://docs.microsoft.com/en-us/azure/active-directory/b2b/invite-internal-users

4 Replies

@SebastianStauber

Hi, how did you manage to sync the 'mail' attribute to reflect the user's foreign AAD UPN?

-ibaaa

@ibaaaa I added the mail to otherMails, this then allowed me to convert, but hit this error message. 

@SebastianStauber I know it's quite a while since you've asked but:

You could create a custom rule in AAD Connect that sets this value to Null.

It worked in my environment.

@almacho77 Could you please let me know if you used the AuthoritativeNull entry in AAD Connect to flush the attribute in Azure AD? If not, which rule / value did you use?