Unable to Sync > FederatedUser.UserPrincipalName is not valid

Federation Issues.

This week I had a tenant who had problems with one user.

This customer has multiple domains in the same Active Directory, and they are all in the same tenant.

This user changed jobs, and therefore received a different UPN, in the same Active Directory.

After changing the UPN in the Active Directory, some weird problems arose.

Looking in AADConnect showed me the problem.

The new UPN of this user isn’t synchronized to the tenant.

 

Problem:

Changes aren’t synced by the Azure Active Directory Sync tool after you change the UPN of a user account to use a different federated domain.

There is an error in AADConnect:

Unable to update this object in Microsoft Online Services, because the attribute FederatedUser.UserPrincipalName is not valid. Update the value in your local Active Directory

 

Real problem:

In the local Active Directory you find User1@domainA.nl; online there is User1@domainB.nl.

User check Online:

UserPrincipalName    DisplayName   isLicensed

User1@domainB.nl    User1                  True

 

Attempt 1

I’ve tried to convert the online user:

When doing this you receive an error:

Set-MsolUserPrincipalName : Unable to complete this action. Try again later.


Attempt 2

Synchronize the domain controllers:

Restart an initial Synchronization of AADConnect


When doing this you still receive an error in AADConnect:

Unable to update this object in Microsoft Online Services, because the attribute FederatedUser.UserPrincipalName is not valid. Update the value in your local Active Directory

 

Solution:

Convert the user first to an OnMicrosoft account


Again, Restart an initial Synchronization of AADConnect


The Online user is now converted to the correct UPN

AADConnect is successful now
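
The solution steps above as one script, added here as an example; it is not the commands from the original post. It uses the MSOnline cmdlets the post refers to plus the ADSync module on the AADConnect server, and `contoso.onmicrosoft.com` is a placeholder for the tenant's own initial domain.

```powershell
# Added example: the fix sequence from this post, with checks around each step.
# Assumptions: run on the AADConnect server, MSOnline and ADSync modules installed,
# and contoso.onmicrosoft.com standing in for the tenant's initial domain.
Import-Module MSOnline
Import-Module ADSync

$CloudUpn   = 'User1@domainB.nl'          # UPN the tenant currently holds
$OnPremUpn  = 'User1@domainA.nl'          # UPN found in the local Active Directory
$InitialDom = 'contoso.onmicrosoft.com'   # placeholder, replace with your tenant

Connect-MsolService

# 1. Record the cloud object before changing anything (ObjectId survives a UPN change).
$user = Get-MsolUser -UserPrincipalName $CloudUpn -ErrorAction Stop
$user | Select-Object UserPrincipalName, DisplayName, IsLicensed, ImmutableId

# 2. Convert the user to an onmicrosoft.com UPN first; refuse to overwrite a name in use.
$tempUpn = '{0}@{1}' -f ($CloudUpn -split '@')[0], $InitialDom
if (Get-MsolUser -UserPrincipalName $tempUpn -ErrorAction SilentlyContinue) {
    throw "Temporary UPN $tempUpn is already in use; choose another prefix."
}
Set-MsolUserPrincipalName -UserPrincipalName $CloudUpn -NewUserPrincipalName $tempUpn

# 3. Restart an initial synchronization of AADConnect.
Start-ADSyncSyncCycle -PolicyType Initial

# 4. Poll the same object until the tenant shows the on-premises UPN, or give up.
$deadline = (Get-Date).AddMinutes(30)
do {
    Start-Sleep -Seconds 60
    $synced = Get-MsolUser -ObjectId $user.ObjectId
} until ($synced.UserPrincipalName -eq $OnPremUpn -or (Get-Date) -gt $deadline)

if ($synced.UserPrincipalName -ne $OnPremUpn) {
    throw "Cloud UPN is still $($synced.UserPrincipalName); check the AADConnect export errors."
}
$synced | Select-Object UserPrincipalName, DisplayName, IsLicensed
```

While the account carries the temporary onmicrosoft.com UPN the user cannot sign in with the federated name, so run this in a window agreed with the user.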


More info:

https://support.microsoft.com/en-us/kb/2669550
