
Over the weekend, I successfully got our AD to sync with Azure AD and Office 365. Things were going great, but for some reason the accounts that it synced defaulted to a @ourorganization.onmicrosoft.com address. I was able to resolve this through PowerShell by using the following command (wrapped for readability):

Get-MsolUser -All | Where { -Not $_.UserPrincipalName.ToLower().StartsWith("admin@") } 
    | ForEach { Set-MsolUserPrincipalName -ObjectId $_.ObjectId -NewUserPrincipalName 
    ($_.UserPrincipalName.Split("@")[0] + "@ourorganization.net") }

Things look great as far as user accounts are going, BUT I have inadvertently created a small problem. When the above cmdlet was renaming accounts, it also renamed the Directory Sync account somehow, and now my directory isn’t syncing.

DirSync is still looking for "syncaccount@ourorganization.onmicrosoft.com"

In the Active Users portal, the account is now listed as "syncaccount@ourorganization.net"

When I try to manually change that back in the Office Portal or Azure, it blocks out the save button. When I try to change it in PowerShell with:

Get-MsolUser -UserPrincipalName SyncAccount@ourorganization.net 
    | Set-MsolUser -UserPrincipalName SyncAccount@ourorganization.onmicrosoft.com

It throws an exception because it is “Not Settable”

I've also tried running the Azure AD Connect utility again to try and force a sync. The utility completes, but a sync never takes place.

If anyone can offer any tips to set me on my way, I’d appreciate it!

  • You got the onmicrosoft.com addresses because the on-premises users had a UPN suffix that wasn't set up on your Office 365 account. If you configure your UPNs and Office 365 domains correctly you won't have this issue and stuff like DirSync will just work out of the box. I'd recommend it. – BlueCompute Apr 12 '16 at 15:02
  • I made sure to change the UPN suffixes to match the domain I enabled in Office 365 before I did DirSync, and I ran IDFix in order to avoid sync errors. It still gave me .onmicrosoft addresses after the DirSync completed. I read all the documentation I could find like 3 times before I tried anything. – darthcircuit Apr 19 '16 at 15:41
  • If it was the email address rather than the UPN that ended up as .onmicrosoft.com, did you populate the Mail and proxyAddresses attributes for your on-premises users? That's all I can think of. – BlueCompute Apr 19 '16 at 16:31

1 Answer


I was able to answer my own question.

Instead of using Get-MsolUser and piping that into Set-MsolUser, I just used (wrapped for readability):

Set-MsolUserPrincipalName -UserPrincipalName SyncAccount@domain.net 
    -NewUserPrincipalName SyncAccount@domain.onmicrosoft.com

My AD is able to sync with Azure AD and Office 365 now.
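The root cause of the breakage above is that the bulk rename only excluded "admin@" and so swept up the cloud-only DirSync service account along with the synchronised users. The script below is an added example, not code from the question or the answer, showing how such a bulk UPN change can be done safely: it checks that the target domain is verified in the tenant, restricts itself to users that were actually synchronised from on-premises AD (cloud-only service accounts have no LastDirSyncTime), keeps an explicit exclusion list, and previews the changes before applying them. The domain names, the account names in the exclusion list, and the function names are placeholders chosen for the example; it assumes the MSOnline module is installed and that Connect-MsolService has already been run.

```powershell
# Added example (not from the original post). Assumes the MSOnline module and
# an existing Connect-MsolService session. Domain and account names are placeholders.

$OldSuffix = 'ourorganization.onmicrosoft.com'
$NewSuffix = 'ourorganization.net'

# Cloud-only accounts that must keep their UPN no matter what (assumed names).
$Exclude = @('admin', 'syncaccount')

function Test-TargetDomainVerified {
    # A UPN can only be moved to a domain the tenant has verified; fail early otherwise.
    $domain = Get-MsolDomain -DomainName $NewSuffix -ErrorAction SilentlyContinue
    return ($null -ne $domain -and $domain.Status -eq 'Verified')
}

function Get-RenameCandidates {
    # Only users that were synchronised from on-premises AD are candidates.
    # The DirSync service account is cloud-only, so LastDirSyncTime is empty
    # for it and it is never returned here, regardless of the exclusion list.
    Get-MsolUser -All | Where-Object {
        $null -ne $_.LastDirSyncTime -and
        $_.UserPrincipalName.ToLower().EndsWith("@$OldSuffix") -and
        $Exclude -notcontains $_.UserPrincipalName.Split('@')[0].ToLower()
    }
}

function Rename-UpnSuffix {
    param([switch]$DryRun)

    if (-not (Test-TargetDomainVerified)) {
        throw "Domain $NewSuffix is not verified in this tenant; refusing to rename."
    }

    foreach ($u in Get-RenameCandidates) {
        $newUpn = $u.UserPrincipalName.Split('@')[0] + "@$NewSuffix"
        if ($DryRun) {
            Write-Host "Would rename $($u.UserPrincipalName) -> $newUpn"
        } else {
            # Set-MsolUserPrincipalName is the cmdlet that changes a UPN;
            # Set-MsolUser cannot, which is why the piped attempt in the question failed.
            Set-MsolUserPrincipalName -ObjectId $u.ObjectId -NewUserPrincipalName $newUpn
            Write-Host "Renamed $($u.UserPrincipalName) -> $newUpn"
        }
    }
}

# Preview first; remove -DryRun once the list looks right.
Rename-UpnSuffix -DryRun

# Repairing an account that was renamed by mistake uses the same cmdlet with the
# UserPrincipalName parameter set, exactly as in the accepted answer:
# Set-MsolUserPrincipalName -UserPrincipalName "syncaccount@$NewSuffix" `
#     -NewUserPrincipalName "syncaccount@$OldSuffix"
```

Run the preview, compare the listed accounts against the on-premises user set, and only then run the function without -DryRun. Filtering on LastDirSyncTime is the safety net that matters most here: any account the connector itself relies on is cloud-only and therefore never a candidate, whatever its name.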