• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 91
  • Last Modified:

azure active directory - On-premises users

I just connected my on-premises active directory to Azure Active Directory. For 99% of the company, it worked perfectly and their Office365 user is connected to their local user and domain login. I have about 10 users whose username on-premises did not match their Office365 username and I now have two users in Azure Active Directory for them.

Is there a way to merge these two on Azure Active Directory so that changes on-premises replicate through to AAD and their local login will work for AAD enabled application authentication?
0
Scot Sunnergren
Asked:
Scot Sunnergren
  • 2
  • 2
1 Solution
 
Vasil Michev (MVP)Commented:
The sync process sometimes fails to reflect changes in UPNs, but you can work around this by changing the UPN directly in O365. Use the WAAD module and the following cmdlet:

Set-MsolUserPrincipalName -UserPrincipalName user@domain.com -NewUserPrincipalName user@newdomain.com

Open in new window


The cmdlet will work regardless of the user's sync status.
0
 
Scot SunnergrenCTOAuthor Commented:
I am not sure if your solution resolves my issue.

I have an on-premises user of firstname@domain.com and their office365/AAD user is firstnamelastname@domain.com.

After the initialization of the connector, I now have two users in AAD:

firstname@domain.com  (sourced from local active directory)
firstnamelastname@domain.com  (sourced from Azure Active Directory)

Is there a way to associate or merge these two together within AAD or do I need to rename one of them?
0
 
Vasil Michev (MVP)Commented:
Ah, got it. The only way is to remove the newly created firstnamelastname@domain.com from Azure AD, remove it from the recycle bin as well, then use the soft-match mechanism to "link" the on-prem object and the firstname@domain.com one: http://support.microsoft.com/kb/2641663
0
 
Scot SunnergrenCTOAuthor Commented:
Thank you,  But I subsequently found that initiating this wiped out email aliases on userids that were the same and did sync. Those aliases were originally entered on O365 and are now gone. I am running an exchange change report and hope to get a listing of what they were so I can re-instate them.

But I also found that, with the two linked, I cannot edit aliases on O365. Instead I would have to enter them as proxy detail in the advanced users and computers on the DC. That is not something I want to do so I will have to turn off the directory link...

Seems very strange that they get Azure to link to all of these other online services but the connection back to the local domain is terrible.

Thanks for the assistance!
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now