Changing UPN of O365 federated Users

Every user synchronized from on-prem Active Directory onto office 365 must use their UPN (UserPrincipalName) to login to any of the O365 services. However if an organization having a very old operational Active Directory probably be using NETBIOS (domain\user) way of login to on premise workstations/applications.

To overcome this, administrators enforces the UPN as the primary way of authenticating with similar user name to both on-prem and cloud.

However, the biggest challenge comes for those users who may be using a different smtp email domains for the same organization thereby having UPN as user@emaildomain.com while their UPN could be user@addomain.com.

To resolve this confusion, administrators decides to change their UPN to match that with their primary email address and thereby requiring changing UPN of O365 federated users.

Here are the simplest ways to accomplish this.

Step 1: Search office 365 users for their present federated UPN

Step 2: Open Azure AD Powershell module

Open Azure AD powerShell Module in Administrative context

Changing UPN of Office 365 federated Users

Connect to Azure AD using the command
Connect-MsolService
Provide Global Admin Credential

Step3: issue the command from Azure AD Powershell module after connecting to Azure AD

Set-MsolUserPrincipalName -UserPrincipalName lsdas@netwoven.com -NewUserPrincipalName sdas@netwoven.onmicrosoft.com

UserPrincipalName – this should be present UPN as shown in office 365

NewUserPrincipalName – New UPN must use the default domain for your O365 tenant. (i.e. username@company.onmicrosoft.com)

Step4: Check office 365 to ensure that user’s UPN has been changed to office 365 default UPN

Step5: Go Back to you on premise AD and change the UPN of the user as desired.

Step6: Run manual force full directory sync by running the command: This depends on the type of Directory synchronization tool deployed in your organization

Azure AD Sync Tool:- you must run the following command from dirsync installation directory c:\Program Files\Microsoft Azure AD Sycn\Bin

.\DirectorySyncClientCmd.exe initial

Azure ADConnect Tool: Open Windows Powershell and run the following command:

Import-Module adsync

Start-ADSyncSyncCycle -PolicyType Initial

Step7 : Now go back and re-check the UPN in office 365 if they have been synced from the AD

You are all set now for the same user to use new UPN

Subhendu Das

Subhendu Das is a technically competent IT Professional offering a distinguished career donning leadership roles for over 18 years primarily in IT Infrastructure Services along with a 12 years’ experience in IT Education Industry as a lead Educationalist. Subhendu has been working as a Senior Manager – IT Infrastructure with Netwoven and he is driving a team of IT Administrators and building sound IT Infrastructure for developers and remote servers in US. He is also actively involved with various client infrastructure migration, SharePoint, Exchange and Office 365 projects. Subhendu holds a Bachelor of Science from Calcutta University and also is a graduate from National Institute of Information Technology. He is a Microsoft Certified professional with certifications in MCSE, MCITP, MOS, MCTS, MCSA.

View all of Subhendu Das's posts.

1 comment

If connecting to msolservice fails, install msonline first! Eg:

Install-Module msonline

Changing UPN of Office 365 federated Users

Subhendu Das

Related Posts

Categories

1 comment

Leave a comment Cancel reply

Stay Connected

Services

Product

Customers

Insights

Company