Forum Discussion
Changing UPN AD User Domain
I changed one of our users UPN domain name in AD from domain.local to domain.com. This change then synced the user's AD account into O365 as it should. I then realised that I had picked the wrong UPN domain, so I changed it to domain123.com. I have been checking for the last 4 - 5 hours and in O365 it is still displaying username@domain.com instead of username@domain123.com.
We have a hybrid SfB setup and in the local server in the SfB control panel I can see the user account has been updated to username@domain123.com.
Is there a different process I should be taking to change the UPN domain once the user has been synced in O365?
DirSync sometimes fails to pick up the UPN changes. You can however change it directly in O365 via the Set-MsolUserPrincipalName cmdlet.
11 Replies
Yes you have to change the domain for the user manually
https://www.adamfowlerit.com/2016/05/wrong-domain-users-azure-active-directory/
Set-MSolUserPrincipalName -userprincipalname “existinguser@mydomain.local” -NewUserPrincipalName “existinguser@mydomain.com”
I have tried the following and it still will not work! The account I am logging in with has global admin rights.
Connect-MSOLService
Set-MSolUserPrincipalName -userprincipalname firstname.lastname@domain.com -NewUserPrincipalName firstname.lastname@domain123.com
Set-MSolUserPrincipalName : Unable to complete this action. Try again later.
At line:1 char:1
+ Set-MSolUserPrincipalName -userprincipalname firstname.lastname@domain. ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [Set-MsolUserPrincipalName], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.InternalServiceException,Microsoft.Online.Adm
inistration.Automation.SetUserPrincipalNameFixed you cannot directly change the domain from one federated domain to the other in O365 - https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_dirservices/trying-to-change-upn-in-azure-error-unable-to/05759e00-4000-4e7a-bb81-14c6d2152d29?auth=1
- Quick follow up from my end, I checked and our is involving first.last@somewhere.com where the first.last changes. We have to disable csuser and re-enable it which fixes the issue for us. Sounds like this is a different issue, but wanted to see if I could help with anything.
John Hi Craig,
Try to force the sync again:
To invoke a delta sync cycle, run the following command:
Start-ADSyncSyncCycle -PolicyType Delta
To invoke a full sync cycle, run the following command:
Start-ADSyncSyncCycle -PolicyType InitialOpen Synchronization manager and check whether changes took place.
Thanks,
Nermin
DirSync sometimes fails to pick up the UPN changes. You can however change it directly in O365 via the Set-MsolUserPrincipalName cmdlet.
- Craig,
We are also a hybrid set up. I know we deal with this for name changes. We had some issues early on, but I believe lately we have not had an issue changing the UPN. I will check with our admin to see what he does to correct this issue as I remember us having the same problem.
John Looking in the azure audit logs I can see the change from domain.local to domain.com, but not the 2nd change from domain.com to domain123.com.
