When you run the Windows Azure Active Directory Sync tool, you notice that the user name of a user in your organizational account such as Office 365, Windows Azure, or Windows Intune doesn't match the user's on-premises user principal name (UPN).
There are two possible causes of this issue:
- Your company domain is not yet verified. The UPN suffix of the on-premises user is a domain that is not yet verified in your organizational account.
- The cloud-managed user has a license. The user in your organizational account is not federated and was assigned a license.
Scenario 1: Your company domain is not yet verified
Make sure that the UPN suffix domain is verified in your organization. If you sync users before you verify the domain, the user name of the user is changed accordingly.
How to determine the UPN suffix for a user
On a domain controller or on a computer on which the Windows Server Administration Toolkit is installed, follow these steps:
- Open Active Directory Users and Computers. To do this, click Start, click Run, type dsa.msc, and then click OK.
- Right-click the domain, and then click Find.
- In the Name box, type the user's display name, and then click Find Now.
- Double-click the user name in the search results, and then click the Account tab.
- Under User logon name, notice the domain part of user logon name. This is known as the UPN suffix.
Collapse this imageExpand this image
If the UPN suffix isn't a registered domain, you must either register the domain with a domain registrar or change the UPN suffix of the user to a domain that's registered. This UPN suffix must be registered with a domain registrar before you can verify the domain in your organizational account.
Scenario 2: The cloud-managed user has a license
To update the UPN of a cloud-managed user who was assigned a license, follow these steps:
- Start the Windows Azure Active Directory Module for Windows PowerShell, and then connect to Windows Azure Active Directory (Windows Azure AD). For more information about how to do this, go to the following Microsoft website:
- Run the following Windows PowerShell cmdlet:
Set-MsolUserPrincipalName -UserPrincipalName [CurrentUPN] -NewUserPrincipalName [NewUPN]
The Windows PowerShell commands in this article require the Windows Azure Active Directory Module for Windows PowerShell. For more information, go to the following Microsoft website:
For more information about how to add and verify a domain in Office 365, go to the following Microsoft website:
For more information about how to update other synced attributes, click the following article number to view the article in the Microsoft Knowledge Base:
Individual Active Directory Domain Services objects don't sync to Windows Azure AD
Still need help? Go to the Office 365 Community
website or the Windows Azure Active Directory