Julien Dubois
asked on
Create script to update default UserPrincipalName in Office 365 and match correctly with UPN of Active Directory
Hi,
I would like to know how I can match the UserPrincipalName (UPN) in order to synchronize my Active Directory with my Office 365 environment.
Let me explain my issue:
On the Active Directory side, I have the UPN correctly configured with a routable domain, with the following policy: f.lastname@toto.com
On the Office 365 side, I have already created users with the default UPN f.lastname@toto.onmicrosoft.com
I have 8 domains in my environment, so I need to match on the alias (the part before the @).
Before synchronizing my Active Directory with Azure AD Connect, I need to match the UPNs in order to keep/merge the existing users on the Office 365 side.
So I need to create a script that checks whether the alias (of the AD and O365 UPNs) matches and, if so, replaces the UPN on the Office 365 side with the UPN from Active Directory using the command Set-MsolUserPrincipalName.
Not all users on the AD side exist in Office 365 (180 users/300 total).
Thanks for your help.
Use this https://gallery.technet.microsoft.com/scriptcenter/Set-Upn-With-Mail-Address-c4d0ee60
or this VBS I wrote a decade ago
Option Explicit
'On Error Resume Next
Const ADS_SCOPE_SUBTREE=2
Const ForAppending=8
Dim objConnection
Dim objCommand
Dim objRecordSet
Dim strdistinguishedName
Dim strdNSHostName
Dim strTarget
Dim strIPAddress
Dim intCnt
Dim intTotal
Dim strcn
Dim objRootDSE
Dim strDNSDomain
Dim strmail
Dim strADsPath
Dim struserPrincipalName
Dim arruserPrincipalName
Dim objUser
Dim strsAMAccountName
Dim strLeftPartOfUPN
Dim blnShouldRun
' Open an ADO connection to Active Directory
Set objConnection=CreateObject("ADODB.Connection")
Set objCommand=CreateObject("ADODB.Command")
objConnection.Provider="ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection=objConnection
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
objCommand.Properties("Page Size")=1000
objCommand.Properties("Searchscope")=ADS_SCOPE_SUBTREE
' Query every user object in the default naming context
objCommand.CommandText="SELECT ADsPath,userPrincipalName,sAMAccountName,mail,cn,distinguishedName FROM 'LDAP://" & strDNSDomain & "' WHERE objectCategory='Person' AND objectClass='User'"
Set objRecordSet=objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    blnShouldRun = False
    strdistinguishedName = objRecordSet.Fields("distinguishedName").Value
    strcn = objRecordSet.Fields("cn").Value
    strmail = objRecordSet.Fields("mail").Value
    struserPrincipalName = objRecordSet.Fields("userPrincipalName").Value
    strsAMAccountName = objRecordSet.Fields("sAMAccountName").Value
    strADsPath = objRecordSet.Fields("ADsPath").Value
    Set objUser = GetObject(strADsPath)
    ' Only accounts that have no UPN at all are changed
    If IsNull(struserPrincipalName) Then
        blnShouldRun = True
    End If
    If blnShouldRun = True Then
        ' Accounts without a mail address are skipped
        If strmail <> "" Then
            LogAndDisplay(struserPrincipalName & vbTab & strmail & vbTab & strcn & vbTab & vbTab & strdistinguishedName)
            ' Set the UPN to the mail address and write it back to AD
            objUser.userPrincipalName = strmail
            objUser.SetInfo
            'WScript.Quit
        End If
    End If
    Set objUser = Nothing
    objRecordSet.MoveNext
Loop
Set objRootDSE=Nothing
Set objConnection=Nothing
Set objCommand=Nothing
Set objRecordSet=Nothing

' Echo a line to the console and append it to UpdateUPNtoEmail.log
Sub LogAndDisplay(strLine)
    On Error Resume Next
    Dim objFSO
    Dim objTextFile
    WScript.Echo strLine
    Set objFSO=CreateObject("Scripting.FileSystemObject")
    Set objTextFile=objFSO.OpenTextFile("UpdateUPNtoEmail.log",ForAppending,True)
    objTextFile.WriteLine(strLine)
    objTextFile.Close
    Set objFSO=Nothing
    Set objTextFile=Nothing
    On Error Goto 0
End Sub
ASKER
Thanks for your update.
I already have a command to set the email address as the UPN in Active Directory:
Get-ADUser -filter * -SearchBase "dc=lab,dc=local" -Properties mail | ForEach {Set-ADUser -Identity $_.samaccountname -UserPrincipalName $_.mail}
Now, I need to set the UPN in Office 365. Actually, we don't have any synchronization with Azure AD Connect because the UPN must match in both AD & O365 to merge accounts and not lose data.
In O365, they use only Skype Online.
Hence, the aliases are the same for all users. I need to change the domain, but I have 8 domains and I would like to automate this task without synchronizing first.
1) Soft-match (Primary SMTP): http://support.microsoft.com/kb/2641663
2) Hard-match (objectGUID): http://blogs.technet.com/b/praveenkumar/archive/2014/04/12/how-to-do-hard-match-in-dirsync.aspx
You can easily export list of O365 accounts via the Get-MsolUser cmdlet, and compare against on-premises (Get-ADUser). I would not recommend making those changes automatically though, as you will be changing information vital to the end users. By all means, generate the list, but make sure to communicate any changes (if needed) to the end users and perform them only after receiving acknowledgement.
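One way to generate that review list, as an added example that is not part of the original posts: it pairs cloud and on-premises accounts by alias and flags any alias that exists under more than one AD domain, since with 8 domains an automatic rename there could bind a cloud account to the wrong person. The function name Get-UpnMatchPlan, the Action labels, the sample users and the example.org domain are assumptions made for illustration.

```powershell
# Added example: builds a review list only; nothing is changed in AD or Office 365.
function Get-UpnMatchPlan {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $AdUsers,    # objects with .UserPrincipalName (e.g. from Get-ADUser)
        [Parameter(Mandatory)] [object[]] $CloudUsers  # objects with .UserPrincipalName (e.g. from Get-MsolUser -All)
    )
    # Index on-premises UPNs by alias (part before @); hashtable keys are case-insensitive.
    $byAlias = @{}
    foreach ($u in $AdUsers) {
        if (-not $u.UserPrincipalName) { continue }    # AD account with no UPN set
        $alias = ($u.UserPrincipalName -split '@')[0]
        if (-not $byAlias.ContainsKey($alias)) { $byAlias[$alias] = @() }
        $byAlias[$alias] += $u.UserPrincipalName
    }
    foreach ($c in $CloudUsers) {
        $alias = ($c.UserPrincipalName -split '@')[0]
        $candidates = if ($byAlias.ContainsKey($alias)) { $byAlias[$alias] } else { @() }
        $action = if ($candidates.Count -eq 0) { 'NoAdMatch' }         # cloud-only account
            elseif ($candidates.Count -gt 1) { 'AmbiguousAlias' }      # same alias in several AD domains
            elseif ($candidates[0] -eq $c.UserPrincipalName) { 'AlreadyMatching' }
            else { 'Rename' }
        [pscustomobject]@{
            CurrentUpn = $c.UserPrincipalName
            NewUpn     = if ($action -eq 'Rename') { $candidates[0] } else { $null }
            Action     = $action
            Candidates = $candidates -join ';'
        }
    }
}

# Constructed sample data (example.org stands in for a second on-premises domain).
$ad = 'j.dubois@toto.com', 'a.martin@toto.com', 'a.martin@example.org' |
    ForEach-Object { [pscustomobject]@{ UserPrincipalName = $_ } }
$cloud = 'j.dubois@toto.onmicrosoft.com', 'a.martin@toto.onmicrosoft.com', 'p.durand@toto.onmicrosoft.com' |
    ForEach-Object { [pscustomobject]@{ UserPrincipalName = $_ } }

$plan = Get-UpnMatchPlan -AdUsers $ad -CloudUsers $cloud
$plan | Format-Table -AutoSize   # j.dubois: Rename, a.martin: AmbiguousAlias, p.durand: NoAdMatch

# With live data, after the list has been reviewed and the users have acknowledged the change:
#   $ad    = Get-ADUser -Filter *
#   $cloud = Get-MsolUser -All
#   Get-UpnMatchPlan -AdUsers $ad -CloudUsers $cloud | Where-Object Action -eq 'Rename' | ForEach-Object {
#       Set-MsolUserPrincipalName -UserPrincipalName $_.CurrentUpn -NewUserPrincipalName $_.NewUpn }
```

Rows marked AmbiguousAlias or NoAdMatch need a manual decision; exporting the plan with Export-Csv gives a record of what was agreed before any rename is run.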