How to reassign/rematch an AD user with a M365 user account?

Atlas Business Solutions 0 Reputation points
2023-10-19T19:04:54.83+00:00

I'm taking over a client from a previous service provider. They managed separate AD on-premises and M365 environments so that passwords and even usernames weren't aligned or consistent.

For example, most users were given the identity first-initial + last-name, while some were given the identity firstname only. (They want to use first-initial + last-name).

I enabled Microsoft Entra Cloud Sync prematurely and changed these users on the local AD server to use the new convention. The M365 account with bsmith@example.com is the active account. So now I have situations where the account DOMAIN\bsmith has 2 accounts in M365: one for bob@example.com (which is synced from the on-premises server but has no M365 licenses associated with it) and bsmith@example.com (which isn't synced from the on-premises server but has all of Bob's email and OneDrive data).

How do I detach the on-premises account DOMAIN\bsmith from syncing to M365's bob@example.com, and instead attach it to the M365 account: bsmith@example.com without deleting Bob's active M365 account bsmith@example.com?


1 answer

James Hamil 27,211 Reputation points Microsoft Employee Moderator
2023-11-02T22:17:42.84+00:00

Hi @Atlas Business Solutions, to reassign the on-premises account DOMAIN\bsmith to the M365 account bsmith@example.com, you can follow these steps:

1. Update the UserPrincipalName (UPN) attribute in your on-premises Active Directory for the user DOMAIN\bsmith to match the desired M365 account (bsmith@example.com).
2. Make sure the feature to synchronize UPN changes for managed users is enabled in your Azure AD directory. You can check this by running the following PowerShell command: Get-MsolDirSyncFeatures -Feature SynchronizeUpnForManagedUsers
3. If it's not enabled, enable it with: Set-MsolDirSyncFeature -Feature SynchronizeUpnForManagedUsers -Enable $true
4. Run a delta sync on your Azure AD Connect to synchronize the updated UPN attribute to Azure AD.

After completing these steps, the on-premises account DOMAIN\bsmith should be synced with the M365 account bsmith@example.com. The previously synced account (bob@example.com) will remain in M365, but you can remove it if it's no longer needed.

Please note that changing the UPN for federated users has been allowed since March 2019. Make sure to back up any important data before making these changes.

Please let me know if you have any questions and I can help you further.

If this answer helps you, please mark "Accept Answer" so other users can reference it.

Thank you,

James

1 person found this answer helpful.
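The four steps from the answer as one script, added here as an example; it is not code from the thread or from Microsoft. It assumes the ActiveDirectory, MSOnline and ADSync PowerShell modules are installed, that Azure AD Connect (not Cloud Sync) is the sync engine, and it uses the placeholder values bsmith and example.com from the question. The final check goes beyond the answer: it compares the on-premises objectGUID with the cloud object's ImmutableId to confirm which cloud account the on-premises user is actually matched to.

```powershell
# Added example (not from the original thread). Assumes Azure AD Connect,
# plus the ActiveDirectory, MSOnline and ADSync modules. The account name
# and domain are placeholders taken from the question.
Import-Module ActiveDirectory
Import-Module MSOnline
Import-Module ADSync

$samAccountName = 'bsmith'               # placeholder on-premises account
$targetUpn      = 'bsmith@example.com'   # placeholder M365 account to attach to

Connect-MsolService   # prompts for tenant administrator credentials

# Step 1: set the on-premises UPN to match the desired M365 account.
Set-ADUser -Identity $samAccountName -UserPrincipalName $targetUpn

# Steps 2 and 3: make sure UPN changes for managed users are synchronized.
$feature = Get-MsolDirSyncFeatures -Feature SynchronizeUpnForManagedUsers
if (-not $feature.Enabled) {
    Set-MsolDirSyncFeature -Feature SynchronizeUpnForManagedUsers -Enable $true
}

# Step 4: push the change to Azure AD with a delta sync.
Start-ADSyncSyncCycle -PolicyType Delta

# Verification (not part of the answer): a synced cloud object's ImmutableId
# is the base64 form of the on-premises objectGUID, so comparing the two
# shows whether the target M365 account is now the one attached to this user.
$adUser = Get-ADUser -Identity $samAccountName -Properties objectGUID
$expectedImmutableId = [Convert]::ToBase64String($adUser.ObjectGUID.ToByteArray())

$cloudUser = Get-MsolUser -UserPrincipalName $targetUpn
if ($cloudUser.ImmutableId -eq $expectedImmutableId) {
    "$targetUpn is matched to DOMAIN\$samAccountName (ImmutableId $expectedImmutableId)"
} else {
    "WARNING: $targetUpn has ImmutableId '$($cloudUser.ImmutableId)', expected '$expectedImmutableId'"
}
```

Run the check only after the delta sync has finished; if it reports a different ImmutableId, the on-premises user is still attached to another cloud object (such as the previously synced bob@example.com) and the Azure AD Connect sync log should be inspected for a UPN or proxyAddress conflict before anything is deleted.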
