unable to change Azure AD username of first Global Admin

tato386 41 Reputation points
2020-03-25T17:37:15.857+00:00

We created our Azure tenant using a Microsoft account that uses a corporate domain, i.e. name@Company portal .com. We now want to use AD Connect to sync on-prem AD but name@Company portal .com exists in on-prem AD and we want the local account to sync to Azure AD. What I did was to add an alias for the MSA called name@harsh.com .com and made that the primary alias for the MSA. (I have not removed the name@Company portal .com alias from the MSA yet.)

I can now log in to Azure with name@harsh.com .com but the username in Azure AD still shows as name@Company portal .com and is not editable. I created another global admin but the second global admin cannot edit the first global admin either. I found some info on how to change Azure usernames using PowerShell but I am not comfortable trying that yet due to fear of breaking something because this is the OG Global Admin of the tenant. In addition there is a subscription linked to this first Global Admin account that I don't want to break.

Advice? Recommendations?

Thanks,
Diego


Accepted answer
  1. AmanpreetSingh-MSFT 55,556 Reputation points
    2020-04-05T12:55:49.937+00:00

    @tato386 As far as I can think of, removing name@Company portal .com shouldn't cause any impact as it is also pointing to the same MSA, but I personally haven't tested this scenario. As Microsoft has discontinued support for personal accounts to use custom domains, it is difficult to reproduce this scenario as well. Since this change is irreversible, I would suggest that you use this account to create a new user, assign it the global admin directory role and also assign it the owner role over any Azure subscriptions that you have, to make sure you do not lose access to the Azure Portal or any resources created underneath your subscriptions if anything goes wrong after removal of the @Company portal .com alias.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept as answer" wherever the information provided helps you to help others in the community.


1 additional answer

  1. AmanpreetSingh-MSFT 55,556 Reputation points
    2020-03-26T09:44:09.753+00:00

    @tato386 When you search for the user in Azure AD, what is the source of the user account? If it is Windows Server AD, the account is already merged with the on-prem AD account. If it is Azure Active Directory, you might need to remove name@Company portal .com from the MSA. However, we strongly recommend that you keep at least one Global Admin account which is Cloud only (not synced) for disaster recovery scenarios.


    -----------------------------------------------------------------------------------------------------------

    Please "Accept as answer" wherever the information provided helps you to help others in the community.
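
The source check and the "keep one Global Admin that is not synced" recommendation from the answers above can be verified read-only before AD Connect is enabled or any alias is removed. This is an added example, not code from either poster; it assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in account can consent to the two read scopes shown.

```powershell
# Added example: list every Global Administrator and whether it is synced from on-prem AD.
# Assumption: the Microsoft.Graph PowerShell SDK is installed; both scopes are read-only.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'User.Read.All'

# Well-known template ID of the built-in Global Administrator role.
$templateId = '62e90394-69f5-4237-9190-012177145e10'
$role = Get-MgDirectoryRole -Filter "roleTemplateId eq '$templateId'"
if (-not $role) { throw 'Global Administrator role not found in this tenant.' }

$admins = foreach ($member in Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All) {
    # Role members can also be groups or service principals; only users are checked here.
    if ($member.AdditionalProperties['@odata.type'] -ne '#microsoft.graph.user') { continue }

    $user = Get-MgUser -UserId $member.Id `
        -Property 'id,userPrincipalName,userType,accountEnabled,onPremisesSyncEnabled'

    [pscustomobject]@{
        UserPrincipalName = $user.UserPrincipalName
        UserType          = $user.UserType
        Enabled           = [bool]$user.AccountEnabled
        # onPremisesSyncEnabled is null or false for accounts not synced by AD Connect.
        # Microsoft accounts and guests also show as not synced, so review the
        # UserPrincipalName and UserType columns before relying on such an account.
        SyncedFromOnPrem  = [bool]$user.OnPremisesSyncEnabled
    }
}

$admins | Sort-Object SyncedFromOnPrem, UserPrincipalName | Format-Table -AutoSize

# Flag the tenant if no enabled, non-synced Global Admin remains for recovery.
$notSynced = @($admins | Where-Object { $_.Enabled -and -not $_.SyncedFromOnPrem })
if ($notSynced.Count -eq 0) {
    Write-Warning 'No enabled Global Administrator exists outside directory sync.'
} else {
    Write-Host "$($notSynced.Count) enabled Global Administrator account(s) are not synced from on-prem AD."
}
```

Only active role assignments are listed; eligible assignments managed through Privileged Identity Management do not appear in this output.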