How do I bulk change UPNs in SBS 2008

I am asking this question because of errors in DirSync synchronizing SBS 2008 (Exchange 2007) to Office 365.

I have determined that the reason my DirSync is failing is because the UPN doesn't match the Office 365 user. When this server was originally setup (not by me!), the users were setup like this:

User: Joe Smith
Login: JoeSmith@domain.local
Email: JoeS@domain.com

Before when I tried to sync it would fail with this error for each user:

Identity: JoeUser@domain.local
Error: Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [ProxyAddresses X500:/o=first organization/ou=exchange administrative group (fydibohf23spdlt)/cn=recipients/cn=JoeU;]. Correct or remove the duplicate values in your local directory. Please refer to http://support.microsoft.com/kb/2647098 for more information on identifying objects with duplicate attribute values.
 
Now I have at least fixed the "local" domain and now I get this:

Identity: JoeUser@domain.com
Error: Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [ProxyAddresses X500:/o=first organization/ou=exchange administrative group (fydibohf23spdlt)/cn=recipients/cn=JoeU;]. Correct or remove the duplicate values in your local directory. Please refer to http://support.microsoft.com/kb/2647098 for more information on identifying objects with duplicate attribute values.

Here are my questions:

1. Is there a way to bulk edit the UPNs to be the same as the email address? If not, what's the best way to change them manually?

2. If I can do #1 above, will that affect how the users login, or can they still use first and last names? i.e. JoeUser

3. Or am I completely wrong about why this is failing and do I need to do something completely different?


Thanks for your help!!
MrComputerITAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
The office 365 tool "idfix" can mass edit UPNs. But based on that error, I don't think it'll help. The issue looks like your accounts already have soft (or hard m) matches with accounts in azure AD, but the proxy address conflicts with a different account. This happens if you did a dirsync and then deleted accounts in o365. I am guessing the migration to o365 didn't follow their onramp process, which was written specifically to avoid issues like this.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MrComputerITAuthor Commented:
We did do a DirSync and then deleted the accounts. Then we migrated and resetup DirSync. Is there a way to fix it after doing that?
0
Cliff GaliherCommented:
Yeah, that was a huge mistake. You basically deleted the accounts that your on-prem accounts think they should match, so they won't sync with a different new account., which was created when you migrated. The documented migration process doesn't delete accounts so you don't have that problem.

Now you'll have to manually hard-match each account. There is no automated process to do this. So it can be time consuming. But less risky than exporting and importing data.

http://blogs.technet.com/b/praveenkumar/archive/2014/04/12/how-to-do-hard-match-in-dirsync.aspx
0
MrComputerITAuthor Commented:
Deleting the deleted users solved the problem as well as correcting the UPN (removing the "domain.local" domain). It appears to be working correctly now.

Thanks for your help and pointing me in the right direction!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.