Let's say that I have a user with the UPN of Byron.Test@conexion.ca in my organization. When I first run Dirsync, this UPN is synchronized in Azure AD and Office 365. I can not use this UPN for authenticating to both on-premises services and Office 365.
Several months later I meet the lady of my dreams and get married. Now I change the on-premises information including the UPN. So, my new UPN on-premises is Byron.Dreamy@conexion.ca. The updated last name, display name, and UPN show as synchronized when I view the logs in DirSync. However, in Office 365, the new UPN never appears. In Office 365, I still need to authenticate as the original UPN of Byron.Test@conexion.ca.
While this behaviour is surprising the first time you run into it, it is normal. The domain for your UPN can be updated by using DirSync, but not the username portion. Instead, to update the UPN, you need to do a remote connection to Office 365 and run the following command:
Set-MsolUserPrincipalName –UserPrincipalName oldUPN –NewUserPrincipalName newUPNIn my example the command would be:
Set-MsolUserPrincipalName –UserPrincipalName byron.test@conexion.ca –NewUserPrincipalName Byron.Dreamy@conexion.caUPDATE: This information is no longer accurate. I'm not sure when it changed, but during a migration yesterday for a client and a test I performed today (March 21/15) the username is now properly updated by DirSync. You should not need to run Set-MsolUserPrincipalName when using Dirsync.
UPDATE: And on a project today (June 23/15) we had issues with UPN sync and needed to use Set-MsolUserPrincipalName. Not sure if MS changed something or whether I was out of my mind previously.
"Byron Dreamy"
ReplyDeleteSorry, that fantasy is already taken by someone else. Please choose a new username.
;-)