Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Why a different username format?

Copper Contributor

When our on premises AD users sync with AzureAD, almost every one of them get a username in Azure in the format of their email address, which would be <on-premADaccount>@mycorp.com.  However, one user after synchronization has been given an AzureAD account with a modified username and the tenant domain.  Instead of a normal jdoe@mycorp.com, it is jdoe0365@mycorptenant.onmicrosoft.com.  Clicking "manage username of course tells me that it is synced with the local AD and has to be edited there.  Looking through the attribute editor for this user in AD, I saw nothing like "jdoe0365", nor did I see that anywhere else on his account in ADUC.

 

This user account was different in one respect.  He previously had an account created directly in Azure, and its username was jdoe@mycorptenant.onmicrosoft.com.  It was a Global Administrator.  I deleted this account, waited more than 15 minutes, and verified it was no longer in AzureAD before moving the on premises AD account to a synchronized container.

 

Is there any way to get this AzureAD account set to our normal jdoe@mycorp.com?  Or is this user stuck with this whenever he has to log into Azure or O365 to perform admin functions?

 

Thank you very much for your help with this.

 

 

3 Replies
The user name format you see (usernameXXXX where XXXX is a 4 digit number) is usually due to a sync conflict with an existing account - which based on your feedback seems to have happened. I would suggest deleting the existing cloud only account and force it to be removed from the ‘recycle bin’. You can change the existing UPN using PowerShell, or alternatively force the account to be recreated in Azure AD.

For future reference you can check sync conflicts (with instructions to correct them) from the Azure AD Connect Health -> Sync Errors blade in de Azure AD portal.

Thanks very much for your reply.

 

You're exactly right about the conflict.  I had overlooked a contact we had created for this user so that users whose mailboxes were migrated to the cloud would be able to send mail to this person's regular Exchange (on prem) mailbox.  (Since he had a account created directly in Azure, we left him in an unsynchronized OU, which meant that his name in the O365 GAL pointed to the mailbox associated with the Azure account's mailbox in Exchange Online.)

 

I'll have to delete that contact.  Would the most straightforward thing be to move him back to an unsyncronized OU in AD and let that new account be removed from AzureAD, then move the AD account back to a synchronized OU so that it would be recreated?  Or would it be better to modify the existing Azure account?  If the latter, what would I change in AD in order to change the account name in Azure since I can't make that change directly in Azure?

 

Thank you again for your help.

That would be one way. Alternatively you can delete the user from Azure AD. It will then first be soft deleted and you will need to do a hard sleet after that to remove the user completely from Azure AD. Then trigger the on prem account to be synced again.