SOLVED

Dealing with the consequences of Azure AD Sync for users whose email addresses did not match UPN.

Copper Contributor

About five people in my company have their first name as their email address. So when Jane Doe started at this company, an Office 365 account was created (jane0company.com) and a domain account was made (jdoe0company.com).  (using zeroes in place of the at as this forum removes addresses)

 

So after running Azure AD Connect for the first time, jdoe0company.com got synced into AAD and a new account was created. I expected this and decided to roll with it; it's not difficult to just sign into Office apps with a different name. But I've had a couple odd things happen since then and want to eliminate this as a potential cause.

 

I don't think I can just delete the erroneous jdoe0company.com out of AAD and change jane0company.com's primary email to jdoe0company.com to match this person's UPN and expect the sync to remain happy. What's the best course of action there?

2 Replies
best response confirmed by ChrisR770 (Copper Contributor)
Solution
So if I understand correctly, you ended up with two AAD accounts for the same user, and now you want to consolidate? Getting rid of the AAD account is the easy way; you can then (hard) match the AD account against the remaining AAD one. The issue that arises with this approach is preserving/migrating any data from the AAD account, as there is no built-in solution for that.

You're right, ended up with two AAD accounts. I want the on-prem AD account to sync with the original AAD account (the one with the first name as the email address). The 'new' AAD account (the one which matches the on-prem AD username) needs to go; I don't think there's any data to preserve.

Will look up hard matching. Thanks!
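
The hard match mentioned in the accepted answer, sketched as an added example that is not part of the original thread. It assumes the ActiveDirectory (RSAT) and Microsoft.Graph.Users modules, that Azure AD Connect uses objectGUID (or an ms-DS-ConsistencyGuid seeded from it) as the source anchor, and the thread's placeholder names `jdoe` and `jane@company.com`.

```powershell
# Added example (not from the thread). Assumption: the source anchor is the
# base64 of ms-DS-ConsistencyGuid when populated, otherwise of objectGUID.
Import-Module ActiveDirectory

function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][Guid]$AnchorGuid)
    # ToByteArray() yields the mixed-endian byte layout AD stores; the anchor
    # is the base64 of those raw bytes, not of the GUID's string form.
    [Convert]::ToBase64String($AnchorGuid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    [Guid]::new([byte[]][Convert]::FromBase64String($ImmutableId))
}

$samAccountName = 'jdoe'               # on-prem account (name from the thread)
$cloudUpn       = 'jane@company.com'   # cloud account to keep (thread's placeholder)

# Pick the GUID the sync engine would use as the anchor for this user.
$adUser = Get-ADUser -Identity $samAccountName -Properties objectGUID, 'mS-DS-ConsistencyGuid'
$consistencyGuid = $adUser.'mS-DS-ConsistencyGuid'
$anchorGuid = if ($consistencyGuid) { [Guid]::new([byte[]]$consistencyGuid) } else { $adUser.ObjectGUID }
$immutableId = ConvertTo-ImmutableId -AnchorGuid $anchorGuid

# Round-trip check: a wrong byte order would produce an anchor that never matches.
if ((ConvertFrom-ImmutableId -ImmutableId $immutableId) -ne $anchorGuid) {
    throw "ImmutableId does not decode back to $anchorGuid"
}

Connect-MgGraph -Scopes 'User.ReadWrite.All'
$cloudUser = Get-MgUser -UserId $cloudUpn -Property Id, UserPrincipalName, OnPremisesImmutableId

# Refuse to overwrite an anchor that already points at a different AD object.
if ($cloudUser.OnPremisesImmutableId -and $cloudUser.OnPremisesImmutableId -ne $immutableId) {
    throw "$cloudUpn is already anchored to $(ConvertFrom-ImmutableId -ImmutableId $cloudUser.OnPremisesImmutableId)"
}

# Stamp the anchor so the next sync cycle joins the AD user to this cloud account.
Update-MgUser -UserId $cloudUser.Id -OnPremisesImmutableId $immutableId
"{0} -> ImmutableId {1} (AD GUID {2})" -f $cloudUpn, $immutableId, $anchorGuid
```

Run it only after the duplicate synced account has been removed as the answer describes, since the anchor value has to be unique in the tenant.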