Azure Active Directory - On-premises users

I just connected my on-premises active directory to Azure Active Directory. For 99% of the company, it worked perfectly and their Office365 user is connected to their local user and domain login. I have about 10 users whose username on-premises did not match their Office365 username and I now have two users in Azure Active Directory for them.

Is there a way to merge these two on Azure Active Directory so that changes on-premises replicate through to AAD and their local login will work for AAD enabled application authentication?
Scot Sunnergren (CTO) asked:
Vasil Michev (MVP) commented:
The sync process sometimes fails to reflect changes in UPNs, but you can work around this by changing the UPN directly in O365. Use the WAAD module and the following cmdlet:

Set-MsolUserPrincipalName -UserPrincipalName user@domain.com -NewUserPrincipalName user@newdomain.com

The cmdlet will work regardless of the user's sync status.
Scot Sunnergren (CTO, author) commented:
I am not sure if your solution resolves my issue.

I have an on-premises user of firstname@domain.com and their office365/AAD user is firstnamelastname@domain.com.

After the initialization of the connector, I now have two users in AAD:

firstname@domain.com  (sourced from local active directory)
firstnamelastname@domain.com  (sourced from Azure Active Directory)

Is there a way to associate or merge these two together within AAD or do I need to rename one of them?
Vasil Michev (MVP) commented:
Ah, got it. The only way is to remove the newly created firstnamelastname@domain.com from Azure AD, remove it from the recycle bin as well, then use the soft-match mechanism to "link" the on-prem object and the firstname@domain.com one: http://support.microsoft.com/kb/2641663
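Before running the delete-and-soft-match procedure above, a pre-flight check is worth having, because soft-match makes the on-premises object authoritative and overwrites whatever proxy addresses were entered in Office 365. The following PowerShell is an added example, not code from the thread: it assumes the MSOnline module (Connect-MsolService already run) and the ActiveDirectory module on a domain-joined host, uses the two objects as the author labelled them, and the on-prem sAMAccountName "firstname" is an assumption.

```powershell
# Added example (not from the thread): pre-flight checks for the soft-match
# described above. Assumes MSOnline (Connect-MsolService already run) and the
# ActiveDirectory module; UPNs are the placeholders used in the question.
$cloudUpn  = 'firstnamelastname@domain.com'   # object sourced from Azure AD
$syncedUpn = 'firstname@domain.com'           # object created by the sync
$onPremSam = 'firstname'                       # on-prem sAMAccountName (assumed)

$cloud  = Get-MsolUser -UserPrincipalName $cloudUpn
$synced = Get-MsolUser -UserPrincipalName $syncedUpn
$adUser = Get-ADUser -Identity $onPremSam -Properties mail, proxyAddresses

# A synced object carries LastDirSyncTime and an ImmutableId; a cloud-only one
# has neither. Refuse to continue if the labels in the question are reversed.
if ($cloud.LastDirSyncTime -or $cloud.ImmutableId) {
    throw "$cloudUpn is already directory-synced; it is not the cloud-only object."
}
if (-not $synced.LastDirSyncTime) {
    throw "$syncedUpn is not directory-synced; check which object the sync created."
}

# Back up what soft-match will overwrite on the surviving object. Aliases entered
# in Office 365 are replaced by the on-prem proxyAddresses, which is how the
# aliases in the author's follow-up were lost.
[pscustomobject]@{
    UPN            = $cloud.UserPrincipalName
    ObjectId       = $cloud.ObjectId
    ProxyAddresses = ($cloud.ProxyAddresses -join ';')
    Licenses       = ($cloud.Licenses.AccountSkuId -join ';')
} | Export-Csv -Path ".\$($cloud.ObjectId)-before-softmatch.csv" -NoTypeInformation

# Soft-match (KB 2641663) keys on the primary SMTP address: the on-prem mail /
# "SMTP:" proxyAddress must equal the cloud object's primary SMTP address.
$cloudPrimary  = ($cloud.ProxyAddresses  | Where-Object { $_ -clike 'SMTP:*' }) -replace '^SMTP:', ''
$onPremPrimary = ($adUser.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' }) -replace '^SMTP:', ''
if (-not $onPremPrimary) { $onPremPrimary = $adUser.mail }

# Aliases that exist only in the cloud must be re-added on-prem or they vanish.
$cloudOnlyAliases = $cloud.ProxyAddresses | Where-Object { $adUser.proxyAddresses -notcontains $_ }

[pscustomobject]@{
    CloudPrimarySmtp     = $cloudPrimary
    OnPremPrimarySmtp    = $onPremPrimary
    SoftMatchWillBind    = [bool]($cloudPrimary -and ($cloudPrimary -eq $onPremPrimary))
    DuplicateToRemove    = $synced.UserPrincipalName
    AliasesToReAddOnPrem = ($cloudOnlyAliases -join ';')
} | Format-List
```

Only when SoftMatchWillBind is true and the listed aliases have been added to the on-prem object should the duplicate be deleted and purged from the recycle bin; a directory-synced duplicate has to leave the sync scope before the cloud will let you delete it.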
Scot Sunnergren (CTO, author) commented:
Thank you, but I subsequently found that initiating this wiped out email aliases on user IDs that were the same and did sync. Those aliases were originally entered on O365 and are now gone. I am running an Exchange change report and hope to get a listing of what they were so I can reinstate them.

But I also found that, with the two linked, I cannot edit aliases on O365. Instead I would have to enter them as proxy details in the advanced view of Users and Computers on the DC. That is not something I want to do, so I will have to turn off the directory link...

Seems very strange that they get Azure to link to all of these other online services but the connection back to the local domain is terrible.

Thanks for the assistance!