Johannes Sequeira

Reputation: 3

Is it possible to prevent the domain of the UPN from being changed to onmicrosoft.com when syncing existing accounts?

I have a scenario in which a synchronization is being performed from a local Active Directory to an existing Azure AD through AD Connect. I want to synchronize, for example, the user [email protected] in the cloud with the user [email protected] that is on-premises.

Microsoft's official documentation regarding AD Connect states: "If the value of the userPrincipalName attribute doesn't correspond to a verified domain in Azure AD, the synchronization process replaces the suffix with a default .onmicrosoft.com value."

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/howto-troubleshoot-upn-changes

This causes the UPN of the user [email protected] to be renamed to [email protected], and the Shadow UPN will have [email protected]. This happens even if I have domain.com as the primary domain. I want to prevent this from happening since it will affect the users' login.

So I wanted to know whether there is a way to work around this limitation and prevent the change of the UPN, or whether it will be necessary to rename the UPN of the user through PowerShell.

Thanks in advance.

Upvotes: 0

Views: 1445

Answers (1)

RamaraoAdapa

Reputation: 3137

If the domain is not owned by you, the UPN of the user [email protected] will be renamed to [email protected] and the Shadow UPN will have [email protected].

If the domain is owned by you, you can add the domain in Azure Active Directory and verify it. Once it's verified, you can use the same UPN for both local AD and Azure AD.

Go to your Azure Active Directory --> Under Manage, click on Custom Domain Names --> Click on Add Custom Domain --> Enter your Custom Domain Name --> Click on Add Domain


Go to your Domain Manager --> Add either TXT or MX record in your Domain Manager as shown in the Azure Active Directory.

Once Record is added in your Domain Manager, click on Verify.


Once the domain is verified, while syncing the Windows Active Directory with Azure Active Directory, you can see your verified custom domain as a UPN suffix.


Upvotes: 0
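The answer above describes the procedure (verify the custom domain, then make sure the on-premises UPN suffix matches it). The following PowerShell script is an added example, not code from the question or the answer: it lists the verified domains in the tenant, reports every on-premises user whose UPN suffix would be rewritten to .onmicrosoft.com by AD Connect, and optionally renames them. It assumes the ActiveDirectory RSAT module and the Microsoft Graph PowerShell SDK are installed, that the account running it has Domain.Read.All, and that the search base and the expected suffix (domain.com) are placeholders to replace with your own.

```powershell
# Added example (not part of the original question or answer).
# Assumptions: ActiveDirectory module (RSAT) on a domain-joined admin host,
# Microsoft.Graph PowerShell SDK, Domain.Read.All consent. The OU path and
# the 'domain.com' suffix are placeholders.
#Requires -Modules ActiveDirectory, Microsoft.Graph.Identity.DirectoryManagement

param(
    [string]$SearchBase     = 'OU=Users,DC=corp,DC=local',  # placeholder: where synced users live
    [string]$ExpectedSuffix = 'domain.com',                 # placeholder: suffix users sign in with
    [switch]$Fix                                            # only rewrite UPNs when explicitly asked
)

# 1. Which suffixes will Azure AD keep? Only verified domains. Any other suffix
#    is replaced with <tenant>.onmicrosoft.com during synchronization.
Connect-MgGraph -Scopes 'Domain.Read.All' -NoWelcome
$verified = Get-MgDomain -All | Where-Object IsVerified | Select-Object -ExpandProperty Id
Write-Host "Verified domains in tenant: $($verified -join ', ')"

if ($ExpectedSuffix -notin $verified) {
    Write-Warning "'$ExpectedSuffix' is not verified in this tenant; synced UPNs with this suffix will become *@<tenant>.onmicrosoft.com."
    # Show whether the MS=ms... verification TXT record from the portal is already
    # live in public DNS before you click Verify (value is whatever the portal gave you).
    Resolve-DnsName -Name $ExpectedSuffix -Type TXT -ErrorAction SilentlyContinue |
        Where-Object { $_.Strings -match '^MS=ms' } |
        ForEach-Object { Write-Host "Verification TXT record found: $($_.Strings)" }
}

# 2. The suffix must also be registered in the forest, otherwise Set-ADUser will not accept it.
$forestSuffixes = @((Get-ADForest).UPNSuffixes) + (Get-ADForest).RootDomain
if ($ExpectedSuffix -notin $forestSuffixes) {
    Write-Warning "'$ExpectedSuffix' is not a UPN suffix in this forest (add it in AD Domains and Trusts > Properties > UPN Suffixes)."
}

# 3. Find on-premises users whose UPN suffix is not verified in Azure AD. These are
#    the accounts whose cloud UPN will be rewritten and whose sign-in will break.
$users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase -Properties UserPrincipalName

$mismatched = foreach ($u in $users) {
    if (-not $u.UserPrincipalName) { continue }            # no UPN at all: AD Connect falls back elsewhere
    $local, $suffix = $u.UserPrincipalName -split '@', 2
    if ($suffix -and $suffix -notin $verified) {
        [pscustomobject]@{
            SamAccountName = $u.SamAccountName
            CurrentUPN     = $u.UserPrincipalName
            ProposedUPN    = "$local@$ExpectedSuffix"      # keep the local part, swap only the suffix
        }
    }
}

$mismatched | Format-Table -AutoSize

# 4. Optionally rename. Only do this once the suffix is verified in Azure AD and present
#    in the forest; otherwise the rename succeeds on-premises but sync still rewrites it.
if ($Fix -and $ExpectedSuffix -in $verified -and $ExpectedSuffix -in $forestSuffixes) {
    foreach ($m in $mismatched) {
        Set-ADUser -Identity $m.SamAccountName -UserPrincipalName $m.ProposedUPN
        Write-Host "Renamed $($m.CurrentUPN) -> $($m.ProposedUPN)"
    }
    # Push the change to the cloud objects without waiting for the scheduler.
    Start-ADSyncSyncCycle -PolicyType Delta
}
```

Run it first without `-Fix` to get the report; only pass `-Fix` after the domain shows as verified in the tenant and the same suffix exists in the forest, because a UPN change that AD Connect cannot match to a verified domain just gets rewritten to .onmicrosoft.com again on the next sync cycle.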
