Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!
O365 - federated domain users who aren’t in On Prem AD
I’m seeing a small but strange issue in an environment that has Okta, on prem AD, Azure AD and O365.
There are users in Azure/O365 with usernames using the federated domain.com, however I do not see them in on prem AD. They are classified as “in-cloud”.
So how come if I try and create another user in Azure or O365, I cannot specify the same domain.com in its username since I get an error that the domain is federated?
There are users in Azure/O365 with usernames using the federated domain.com, however I do not see them in on prem AD. They are classified as “in-cloud”.
So how come if I try and create another user in Azure or O365, I cannot specify the same domain.com in its username since I get an error that the domain is federated?
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
it might be possible that they have created initially with default onmicrosoft domain and afterword through command line there domain has changed to federated one
Ex:
The above cmdlets are old and you need to use new Azure AD module for same
https://support.microsoft.com/en-in/help/2669550/changes-aren-t-synced-by-the-azure-active-directory-sync-tool-after-yo
Ex:
Get-Msoluser -UserPrincipalName user1@tenant.onmicrosoft.com | Set-Msoluser -UserPrincipalName user1@federateddomain.com
The above cmdlets are old and you need to use new Azure AD module for same
https://support.microsoft.com/en-in/help/2669550/changes-aren-t-synced-by-the-azure-active-directory-sync-tool-after-yo
I tried that but what happens is I get this error:
Set-MsolUserPrincipalName : You must provide a required property: Parameter name: FederatedUser.SourceAnchor
This indicates the user would need to be in Okta -- but the other users who are "in-cloud" and have the domain.com upn are not in Okta not AD.
That's why I'm wondering if maybe they were setup at a different time perhaps before the Domain was federated.
Is there a way to see when the Domain was federated ?
Set-MsolUserPrincipalName : You must provide a required property: Parameter name: FederatedUser.SourceAnchor
This indicates the user would need to be in Okta -- but the other users who are "in-cloud" and have the domain.com upn are not in Okta not AD.
That's why I'm wondering if maybe they were setup at a different time perhaps before the Domain was federated.
Is there a way to see when the Domain was federated ?
have you created test user (cloud only) with tenant.onmicrosoft.com as UPN and latter tried command line to change UPN to federated one?
Also do you using Azure AD Connect for sync or you are using any tool from OKTA for same?
Also do you using Azure AD Connect for sync or you are using any tool from OKTA for same?
Yes I tried setting it to federated one but got:
Set-MsolUserPrincipalName : You must provide a required property: Parameter name: FederatedUser.SourceAnchor
Okta appears to have the users in its People database but doesn't provision to O365. There are some federated domain users who don't appear in Okta and neither in AD.
Set-MsolUserPrincipalName : You must provide a required property: Parameter name: FederatedUser.SourceAnchor
Okta appears to have the users in its People database but doesn't provision to O365. There are some federated domain users who don't appear in Okta and neither in AD.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial