Tuesday, August 20, 2013

Fixing Sign-On Name for Renamed Users in Office 365

When using DirSync, the user's userPrincipalName attribute in Active Directory is used to construct the user name in Office 365. The Office 365 user will use this username to login to Office 365 for OWA, Outlook Anywhere, and ActiveSync for mobile devices, so you'll usually want this UPN to match Active Directory.

In a recent project I performed a staged migration from Exchange 2003 to Office 365.  There were several users whose names changed over the years due to marriages.  Their pre-Windows 2000 AD logon name was changed as well to reflect their new name.  However, these dirsynced users were getting an Office 365 user name based on their old name from a non-updated userPrincipalName in AD.

For example, here's what Mary Smith's user account looks like in Active Directory:

UPN is unchanged from Mary Osgood

Mary has been logging in as contoso\mary.smith ever since she got married and her account was changed.  However, when DirSync was run Mary's account in Office 365 was set to the UPN, mary.osgood@contoso.onmicrosoft.com. 


You'll notice that you cannot change the user name field in Office 365 and the display shows, "This user is synchronized with your local Active Directory. Some details can be edited only through your local Active Directory."

You can change the UPN in AD, but it will not update the user name in Office 365 when DirSync runs. The Office 365 username is configured once during the initial sync and will not be updated.  The only way to change it is by using Windows Azure Active Directory Module for Windows PowerShell.

Login to Windows Azure Active Directory Module for Windows PowerShell with Office 365 administrator credentials and run the following command:
Set-MsolUserPrincipalName -UserPrincipalName mary.osgood@contoso.onmicrosoft.com -NewUserPrincipalName mary.smith@contoso.com
This cmdlet will change the Office 365 user name from mary.osgood@contoso.onmicrosoft.com to mary.smith@contoso.com.  You can change the UPN to any valid domain.

4:17 PM