Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

azure active directory - On-premises users

Posted on 2016-07-20
4
Medium Priority
?
86 Views
Last Modified: 2016-07-20
I just connected my on-premises active directory to Azure Active Directory. For 99% of the company, it worked perfectly and their Office365 user is connected to their local user and domain login. I have about 10 users whose username on-premises did not match their Office365 username and I now have two users in Azure Active Directory for them.

Is there a way to merge these two on Azure Active Directory so that changes on-premises replicate through to AAD and their local login will work for AAD enabled application authentication?
0
Comment
Question by:ScotSunnergren
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 43

Expert Comment

by:Vasil Michev (MVP)
ID: 41721192
The sync process sometimes fails to reflect changes in UPNs, but you can work around this by changing the UPN directly in O365. Use the WAAD module and the following cmdlet:

Set-MsolUserPrincipalName -UserPrincipalName user@domain.com -NewUserPrincipalName user@newdomain.com

Open in new window


The cmdlet will work regardless of the user's sync status.
0
 

Author Comment

by:ScotSunnergren
ID: 41721219
I am not sure if your solution resolves my issue.

I have an on-premises user of firstname@domain.com and their office365/AAD user is firstnamelastname@domain.com.

After the initialization of the connector, I now have two users in AAD:

firstname@domain.com  (sourced from local active directory)
firstnamelastname@domain.com  (sourced from Azure Active Directory)

Is there a way to associate or merge these two together within AAD or do I need to rename one of them?
0
 
LVL 43

Accepted Solution

by:
Vasil Michev (MVP) earned 2000 total points
ID: 41721400
Ah, got it. The only way is to remove the newly created firstnamelastname@domain.com from Azure AD, remove it from the recycle bin as well, then use the soft-match mechanism to "link" the on-prem object and the firstname@domain.com one: http://support.microsoft.com/kb/2641663
0
 

Author Comment

by:ScotSunnergren
ID: 41721703
Thank you,  But I subsequently found that initiating this wiped out email aliases on userids that were the same and did sync. Those aliases were originally entered on O365 and are now gone. I am running an exchange change report and hope to get a listing of what they were so I can re-instate them.

But I also found that, with the two linked, I cannot edit aliases on O365. Instead I would have to enter them as proxy detail in the advanced users and computers on the DC. That is not something I want to do so I will have to turn off the directory link...

Seems very strange that they get Azure to link to all of these other online services but the connection back to the local domain is terrible.

Thanks for the assistance!
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question