Microsoft Data Protection Team to repair identity mismatches that cause admin issues

Question

I wanted to change the admin on my 365 account and I have now broken links and nothing works properly.

I wanted to make <Mod mask PII> Bxxx @victoriaglobalvillage.ca a user and create a new <Mod mask PII> axxx @victoriaglobalvillage.ca

Now everything seems broken and nothing is working properly

This is appropriate especially when:

• OneDrive/SharePoint ownership is broken
• Admin account was renamed incorrectly
• Aliases cannot be removed
• Multiple conflicting identities exist

Answer 1

Hi,

Thank you for sharing your question. I completely understand how overwhelming it feels when admin changes in Microsoft 365 lead to broken permissions, mismatched identities, and services like OneDrive or SharePoint no longer functioning correctly. Issues like incorrect renames, reused email addresses, and conflicting identities can cause unexpected access errors and ownership problems across your tenant.

Based on my knowledge, problems like broken OneDrive/SharePoint ownership, aliases that cannot be removed, and accounts that stop functioning usually occur when an admin account is renamed incorrectly or when a user is deleted and recreated using the same email address. This creates an identity mismatch, where the new account receives a new internal ID, but OneDrive or SharePoint continues to reference the old ID, leading to access failures, missing ownership, and inconsistent behavior.

To move toward a resolution, you can run the Site User ID Mismatch diagnostic from the Microsoft 365 admin center using a Global or SharePoint admin account. The diagnostic checks both internal and guest identities, validates the correct UPN, and realigns the user entry in the SharePoint/OneDrive UserInfo list. Once successful, changes may take up to 24 hours to fully propagate, including restoring a user’s OneDrive link and clearing any conflicting identity remnants.

May I ask whether the original admin account was deleted and recreated, or whether you renamed the admin UPN directly before the issues started? If you can confirm which account names were changed, I can guide you step‑by‑step through the repair process and ensure the correct identity is restored across Microsoft 365. I’m here to assist until everything is working normally again.

 

I hope this helps.

 

Best Regards,

Noel

Answer 2

For broken admin/user identities and ownership issues in Microsoft 365, the repair path depends on whether access to an admin account still exists. Because identity links and ownership (OneDrive/SharePoint, aliases, admin role) are involved and appear misconfigured, this is a tenant-level identity problem that typically requires Microsoft support and, if no other admin exists, the Microsoft Data Protection team.

Use these steps as a recovery path:

1. Verify who the current admin is

• If sign-in to any Microsoft 365 admin account is still possible, go to the Microsoft 365 admin center and confirm which account(s) have admin roles.
• If sign-in is not possible or admin rights are unclear, identify who in the organization originally purchased or set up the subscription; that person is often the initial admin.
• If unsure who the admin is, follow the guidance in “How do I find my Microsoft 365 admin?” and “Find the administrator for your work or school account” to locate the correct internal contact (HR, IT, owner, or support team).

2. If an admin can still sign in: correct the user and email configuration Once an account with sufficient admin rights can sign in to the Microsoft 365 admin center:

1. Fix the admin account name and email

• In the Microsoft 365 admin center, go to Users > Active users.
• Select the affected admin account.
• On the Account tab, use Manage username and email to:
  • Ensure the correct primary username and email address are set.
  • Ensure the correct domain (for example, @victoriaglobalvillage.ca) is selected.
  • Save the changes.
• If the display name is incorrect, use Manage contact information to correct the display name and save.

2. Correct the user vs. admin split for the @victoriaglobalvillage.ca identity

• Decide which account should be the actual admin and which should be a standard user.
• For the admin account:
  • Ensure it has the appropriate admin role (for example, user administrator or global admin) and the correct primary email.
• For the standard user account:
  • Ensure it has the correct primary email and any required aliases.
  • Remove any admin roles that are no longer appropriate.

3. Resolve alias / proxy address conflicts If an address or alias cannot be assigned because it is “already in use” or a deleted user is involved:

• In the Microsoft 365 admin center, go to Users > Deleted users.
• Restore any deleted user that needs to be brought back.
• During restore, any conflicting proxy addresses are automatically removed from the restored user, which helps clear conflicts.
• After restore, reassign the correct primary and alias addresses to the appropriate active user.

4. Check for identity mismatches from on-premises sync (if applicable) If the environment is federated or synchronized with on-premises Active Directory and issues affect only some accounts, the cause may be incorrect setup in on-premises AD:

• Verify that the user principal name (UPN) for each affected account in on-premises AD matches the intended federated domain (for example, @victoriaglobalvillage.ca).
• Ensure the correct UPN suffix is selected on the user’s Account tab in Active Directory Users and Computers.
• Confirm that the Microsoft 365 account has the correct license assigned for the needed resources (OneDrive/SharePoint, etc.).

If the Microsoft 365 account is synced from on-premises AD and certain attributes (like username) cannot be edited in the cloud, those must be corrected in on-premises AD and then synchronized.

3. If no admin can sign in or admin identity is broken If the only global admin account was renamed incorrectly, lost access (for example, MFA lockout), or cannot be used to fix identities, the situation becomes a tenant lockout/identity protection issue. In this case, the Microsoft Data Protection team must be involved.

Use one of these paths:

1. Call Microsoft support and request Data Protection involvement

• Use the Microsoft customer service phone numbers.
• When navigating the automated system, clearly state that this is an Office 365 for business / company account, that this is an admin lockout / identity issue, and that there is no other admin.
• Ask specifically to create a service request and to be routed to the Data Protection team to repair admin access and identity issues.

2. If phone support cannot be reached, create a temporary trial tenant to open a ticket

• Sign up for a new Microsoft 365 trial tenant (separate from the broken tenant).
• In that new tenant, go to the Microsoft 365 admin center and open Help & support.
• Create a support ticket explaining:
  • The domain (for example, victoriaglobalvillage.ca) and tenant that is broken.
  • That the admin identity was changed and now OneDrive/SharePoint ownership and aliases are broken.
  • That there is no working global admin in the affected tenant.
• Request escalation to the Data Protection team to restore proper admin access and repair identity mismatches.

The Data Protection team can verify identity and ownership and then help restore or correct the admin account, which is necessary before OneDrive/SharePoint ownership and aliases can be fully repaired.

4. After admin access is restored Once the Data Protection team or support restores a working global admin account in the original tenant:

• Revisit Users > Active users to:
  • Confirm each user’s primary email and aliases.
  • Ensure the intended admin account is correctly configured and has the proper admin roles.
• Reassign OneDrive and SharePoint site ownership as needed from the restored admin account.
• For any remaining proxy/alias conflicts, use the deleted users restore process to clear conflicting addresses, then reassign them correctly.

---

References:

• Troubleshoot account issues for federated users in Microsoft 365, Azure, or Intune
• How do I find my Microsoft 365 admin?
• Find the administrator for your work or school account
• Change a user name and email address
• Restore a user in the Microsoft 365 admin center
• I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
• Severity A Situation - Locked out of global admin account (MFA) - business down - Microsoft Q&A
• Requesting a Tenant Admin MFA Reset - Microsoft Q&A
• I cant log in to my business account because it is requiring Authenticator app which I do not have - Microsoft Q&A
• Microsoft authenticator sending me into a spiral - Microsoft Q&A