Share via

sync pre-windows-2000 attribute with AzureAD

Daniel Kaliel 1,341 Reputation points
2021-07-13T01:49:52.49+00:00

I thought I had this solved but no love for me. On the AzureAD Connector we have set sAMAccountName to be sync'd with azure AD. I thought that this was the pre-windows-2000 attribute but it is not working. Do we need to create a custom attribute with <DOMAIN>\<username> populated or have a I got the wrong attribute sync'ing?

Microsoft Entra
Microsoft Entra
A group of Microsoft multicloud identity and access solutions.
2,561 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. VipulSparsh-MSFT 16,306 Reputation points Microsoft Employee
    2021-07-13T12:58:52.86+00:00

    @Daniel Kaliel Thanks for reaching out.

    sAMAccountName attribute should be syncing by default. It is already in list of of the attributes which sync to AzureAD.
    You should consider following scenario though under which sAMAccountName does not synchronize if :
    114180-image.png

    Also note, The SAMAccountName attribute, such as AADDSCONTOSO\driley, may be auto-generated for some user accounts in a managed domain. Users' auto-generated SAMAccountName may differ from their UPN prefix, so isn't always a reliable way to sign in.

    For example, if multiple users have the same mailNickname attribute or users have overly long UPN prefixes, the SAMAccountName for these users may be auto-generated. Use the UPN format, such as ******@aaddscontoso.com, to reliably sign in to a managed domain.

    ==========================================================================================

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.