Had a request to change the UPN from one Federated Domain to another today and it gave me a bit of trouble. I made all the appropriate changes in AD thinking it would be that simple, but alas I began getting the following error on my DirSync to O365:
Unable to update this object in Azure Active Directory, because the attribute [FederatedUser.UserPrincipalName], is not valid. Update the value in your local directory services.
Looking at the synchronization service, I got the same error with the error number of 105 (I was really hoping for more information). I did some digging on the internet and came across this article that contained the answer to my problem.
Turns out that when switching a local AD account from one federated domain to another, Azure AD/O365 doesn’t like that too much and doesn’t make the change for you. Lame. So I used the following bit of PowerShell to resolve that:
```powershell
#################
#Connect to O365#
#################
Connect-MsolService
########################
#Input O365 Admin Creds#
########################

##################################################################
#I like to confirm this is actually the problem before proceeding#
##################################################################
Get-MsolUser -UserPrincipalName <UPN of user prior to AD change>

################
#Change the UPN#
################
Set-MsolUserPrincipalName -UserPrincipalName <Old UPN> -NewUserPrincipalName <New UPN desired>
```
Then kick off a Full Sync on your DirSync box, let it finish, and you’re good to go.
```powershell
#################
#Start Full Sync#
#################
Start-ADSyncSyncCycle -PolicyType Initial
```
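As an added example (not part of the original post), here is a PowerShell function that wraps the same steps with the checks I would want before touching a federated account: it verifies the target domain is a verified, federated domain in the tenant, that the on-premises account already carries the new UPN, and only then calls Set-MsolUserPrincipalName. It assumes the MSOnline and ActiveDirectory modules are loaded, Connect-MsolService has already been run, and the account names at the bottom are constructed placeholders.

```powershell
function Update-FederatedUpn {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string] $OldUpn,
        [Parameter(Mandatory)] [string] $NewUpn
    )

    # The new UPN's suffix must be a verified, federated domain in the tenant;
    # otherwise the rename fails for the same reason the sync did.
    $newDomain = $NewUpn.Split('@')[1]
    $domain = Get-MsolDomain -DomainName $newDomain -ErrorAction Stop
    if ($domain.Status -ne 'Verified' -or $domain.Authentication -ne 'Federated') {
        throw "Domain $newDomain is not a verified federated domain " +
              "(Status=$($domain.Status), Authentication=$($domain.Authentication))"
    }

    # Confirm the cloud object still has the old UPN (this is the error condition).
    $cloudUser = Get-MsolUser -UserPrincipalName $OldUpn -ErrorAction Stop
    if ($cloudUser.UserPrincipalName -ne $OldUpn) {
        throw "Cloud object for $OldUpn already reports UPN $($cloudUser.UserPrincipalName)"
    }

    # Confirm on-prem AD already carries the new UPN, otherwise the next
    # sync cycle would just push the old value back up.
    $adUser = Get-ADUser -Filter "UserPrincipalName -eq '$NewUpn'"
    if (-not $adUser) {
        throw "No on-premises account has UPN $NewUpn; change it in AD first"
    }

    if ($PSCmdlet.ShouldProcess($OldUpn, "Rename to $NewUpn in Azure AD")) {
        Set-MsolUserPrincipalName -UserPrincipalName $OldUpn `
                                  -NewUserPrincipalName $NewUpn -ErrorAction Stop
        # Read the object back under its new name so the change is confirmed
        # before kicking off the full sync on the DirSync box.
        (Get-MsolUser -UserPrincipalName $NewUpn -ErrorAction Stop).UserPrincipalName
    }
}

# Constructed example names; run with -WhatIf first to see the planned change.
Update-FederatedUpn -OldUpn 'jdoe@old.example.com' -NewUpn 'jdoe@new.example.com' -WhatIf
```

Drop the -WhatIf to apply the rename, then run Start-ADSyncSyncCycle -PolicyType Initial as above.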