Sep 22 2021 06:13 AM - last edited on Jan 14 2022 03:24 PM by TechCommunityAP
When our on premises AD users sync with AzureAD, almost every one of them gets a username in Azure in the format of their email address, which would be <on-premADaccount>@mycorp.com. However, one user after synchronization has been given an AzureAD account with a modified username and the tenant domain. Instead of a normal jdoe@mycorp.com, it is jdoe0365@mycorptenant.onmicrosoft.com. Clicking "manage username" of course tells me that it is synced with the local AD and has to be edited there. Looking through the attribute editor for this user in AD, I saw nothing like "jdoe0365", nor did I see that anywhere else on his account in ADUC.
This user account was different in one respect. He previously had an account created directly in Azure, and its username was jdoe@mycorptenant.onmicrosoft.com. It was a Global Administrator. I deleted this account, waited more than 15 minutes, and verified it was no longer in AzureAD before moving the on premises AD account to a synchronized container.
Is there any way to get this AzureAD account set to our normal jdoe@mycorp.com? Or is this user stuck with this whenever he has to log into Azure or O365 to perform admin functions?
Thank you very much for your help with this.
Sep 22 2021 07:45 AM
Sep 22 2021 12:34 PM
Thanks very much for your reply.
You're exactly right about the conflict. I had overlooked a contact we had created for this user so that users whose mailboxes were migrated to the cloud would be able to send mail to this person's regular Exchange (on prem) mailbox. (Since he had an account created directly in Azure, we left him in an unsynchronized OU, which meant that his name in the O365 GAL pointed to the mailbox associated with the Azure account's mailbox in Exchange Online.)
I'll have to delete that contact. Would the most straightforward thing be to move him back to an unsynchronized OU in AD and let that new account be removed from AzureAD, then move the AD account back to a synchronized OU so that it would be recreated? Or would it be better to modify the existing Azure account? If the latter, what would I change in AD in order to change the account name in Azure since I can't make that change directly in Azure?
Thank you again for your help.
Sep 22 2021 01:27 PM