sync pre-windows-2000 attribute with AzureAD

Question

sync pre-windows-2000 attribute with AzureAD

Daniel Kaliel 1,111

I thought I had this solved but no love for me. On the AzureAD Connector we have set sAMAccountName to be sync'd with azure AD. I thought that this was the pre-windows-2000 attribute but it is not working. Do we need to create a custom attribute with <DOMAIN>\<username> populated or have a I got the wrong attribute sync'ing?

Answer 1

@Daniel Kaliel Thanks for reaching out.

sAMAccountName attribute should be syncing by default. It is already in list of of the attributes which sync to AzureAD.
You should consider following scenario though under which sAMAccountName does not synchronize if :

Also note, The SAMAccountName attribute, such as AADDSCONTOSO\driley, may be auto-generated for some user accounts in a managed domain. Users' auto-generated SAMAccountName may differ from their UPN prefix, so isn't always a reliable way to sign in.

For example, if multiple users have the same mailNickname attribute or users have overly long UPN prefixes, the SAMAccountName for these users may be auto-generated. Use the UPN format, such as driley@aaddscontoso.com, to reliably sign in to a managed domain.

==========================================================================================

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Daniel Kaliel 1,111 Reputation points

2021-07-13T16:44:40.73+00:00

We need the format <DOMAIN\<username> in order for users to sign into PowerBI. It brings in the UPN but we need it to use <DOMAIN\username> for the SQL connections I believe.

The username transform rules are limited and there doesn't appear to be a way to transform the UPN.

sync pre-windows-2000 attribute with AzureAD

1 answer

Activity