Problem "duplication attribute" with first Azure AD Connect Sync

Allan Stark 561 Reputation points
2021-02-05T16:39:25.207+00:00

I'm syncing the local AD with the Azure AD.
Many accounts have existed in Azure AD for a long time and have used cloud services (ExO, SharePoint, etc.).

Local domain: company.local, added additional UPN suffix "company.com"
AzureAD: company.com (as primary domain)

Three users have local UPN suffixes which are different from the Azure AD.

Azure AD Connector shows the following error for all these accounts:

64661-2.jpg

The "proxyAddress" field in their local AD account is empty, but the "mail" field contains the correct address.
I also see that error in the "Azure Active Directory Connect Health" tool on the Azure website:

64558-3.jpg

Questions:

  1. How to solve this problem?
  2. How to leave UPN in the O365 cloud the same as it was before the synchronization attempt?
    Because I tried to apply the fix ("Troubleshoot" in "Azure Active Directory Connect Health") for a test account with a similar problem and this led to the replacement of the UPN suffix with the one that was in the local AD domain. This will most likely lead to the need to change the settings for connecting to the O365 on users' devices, which is undesirable.
  3. Can I use the "Set-MsolUserPrincipalName" PowerShell cmdlet after a successful AD sync to solve #2?

1 answer

  1. Allan Stark 561 Reputation points
    2021-02-05T20:58:07.293+00:00

    Thank you for your answer.

    What is the difference between Set-AzureADUser cmdlet and Set-MsolUserPrincipalName from MSOnline module?

    It also seems to allow changing the UPN with:
    Set-MsolUserPrincipalName -UserPrincipalName [CurrentUPN] -NewUserPrincipalName [NewUPN]

