O365 - federated domain users who aren’t in On Prem AD
I’m seeing a small but strange issue in an environment that has Okta, on prem AD, Azure AD and O365.
There are users in Azure/O365 with usernames using the federated domain.com, however I do not see them in on prem AD. They are classified as “in-cloud”.
So how come if I try and create another user in Azure or O365, I cannot specify the same domain.com in its username since I get an error that the domain is federated?
There are users in Azure/O365 with usernames using the federated domain.com, however I do not see them in on prem AD. They are classified as “in-cloud”.
So how come if I try and create another user in Azure or O365, I cannot specify the same domain.com in its username since I get an error that the domain is federated?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes I tried setting it to federated one but got:
Set-MsolUserPrincipalName : You must provide a required property: Parameter name: FederatedUser.SourceAnchor
Okta appears to have the users in its People database but doesn't provision to O365. There are some federated domain users who don't appear in Okta and neither in AD.
Set-MsolUserPrincipalName : You must provide a required property: Parameter name: FederatedUser.SourceAnchor
Okta appears to have the users in its People database but doesn't provision to O365. There are some federated domain users who don't appear in Okta and neither in AD.
it seems that users with federated domain showing as cloud only are created previously before you set O365 integration with OKTA (i.e federation)
are those users having active mailboxes?
If those are not in use, you can ignore them
OR
if you can create them in AD and sync to o365 with OKTA
are those users having active mailboxes?
If those are not in use, you can ignore them
OR
if you can create them in AD and sync to o365 with OKTA
ASKER
Thanks yeah they were created before it was federated I learned.
ASKER
Set-MsolUserPrincipalName : You must provide a required property: Parameter name: FederatedUser.SourceAnchor
This indicates the user would need to be in Okta -- but the other users who are "in-cloud" and have the domain.com upn are not in Okta not AD.
That's why I'm wondering if maybe they were setup at a different time perhaps before the Domain was federated.
Is there a way to see when the Domain was federated ?