sAMAccountName incorrect in AAD but correct in On premises AD.

Marc Livingstone 6 Reputation points
2022-02-15T14:50:43.187+00:00

I created a user account in our on-premises Active Directory and later made a change to the username. This had already synched with AAD with the incorrect pre-Windows 2000 name. The change did not sync, so I removed the account from AAD by removing the group from the user in on-premises AD that triggers the sync in the account. After a while, this correctly removed the user from AAD. When I now add the group back and the user is synched to AAD again, the incorrect pre-Windows 2000 name is still there in the AAD version.

I am unable to rename accounts in AAD. How do I fix this?


4 answers

  1. Andy David - MVP 130.8K Reputation points MVP
    2022-02-15T16:23:05.157+00:00

    So if you modify the account on-prem and then do a delta sync with AADConnect, does it update it?

    Is this account licensed? Can you simply remove it from Azure if not and resync if the above does not work?

    https://learn.microsoft.com/en-us/microsoft-365/enterprise/delete-and-restore-user-accounts-with-microsoft-365-powershell?view=o365-worldwide

    Followed by:
    Remove-MsolUser -UserPrincipalName "davidchew@Company portal .com" -RemoveFromRecycleBin

    Only do this if the account is not licensed or tied to anything in Azure!!!


  2. Marc Livingstone 6 Reputation points
    2022-02-15T17:06:49.02+00:00

    Hi Andy, thanks for the quick response.

    The account was removed from Azure and resynced from on-premises AD (which has the correct data). This resynced the user account to AAD, but it still contains the incorrect pre-Windows 2000 name despite it being correct in the on-premises AD.


  3. Andy David - MVP 130.8K Reputation points MVP
    2022-02-15T19:31:59.803+00:00

    Hi, was the account totally purged or just deleted?
    Did you try modifying the account and resyncing?
    If none of the above works, try a full sync versus a delta (note: the full sync may take hours!)


  4. Limitless Technology 38,551 Reputation points
    2022-02-16T15:25:40.983+00:00

    Hello @Marc Livingstone

    Azure AD still has stale records of the account, as it would allow restoration of a recently deleted account. In this case, creating the account again will make it connect with the previous settings under the same details.

    To completely delete the user, please follow the instructions in the next article:
    https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-restore#to-permanently-delete-a-user

    Hope this helps with your query,

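
The purge-then-resync sequence suggested in answers 1 and 4, written out as an added PowerShell example that is not part of the original thread. The function name `Clear-SoftDeletedSyncedUser` and the UPN `user@example.com` are hypothetical placeholders; the example assumes the MSOnline module used in the thread and that the account has already been taken out of sync scope on-premises.

```powershell
#Requires -Modules MSOnline
# Added example; function name and UPN are hypothetical placeholders.
function Clear-SoftDeletedSyncedUser {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName
    )

    # A live (non-deleted) object means the account is still in sync scope.
    # Purging only makes sense once the sync has soft-deleted it.
    if (Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction SilentlyContinue) {
        throw "$UserPrincipalName is still active in Azure AD; remove it from sync scope and run a delta sync first."
    }

    # Look for the stale copy that a re-sync would otherwise be matched to.
    $deleted = Get-MsolUser -ReturnDeletedUsers -UserPrincipalName $UserPrincipalName -ErrorAction SilentlyContinue
    if (-not $deleted) {
        Write-Verbose "No soft-deleted copy of $UserPrincipalName found; nothing to purge."
        return $false
    }

    # Guard from answer 1: do not purge an account that still holds a license.
    # Other dependencies in Azure are not checked here and need a manual review.
    if ($deleted.IsLicensed) {
        throw "$UserPrincipalName still holds a license; refusing to purge."
    }

    # Permanent deletion: ask for confirmation unless -Confirm:$false is passed.
    if ($PSCmdlet.ShouldProcess($UserPrincipalName, 'Permanently delete from the Azure AD recycle bin')) {
        Remove-MsolUser -UserPrincipalName $UserPrincipalName -RemoveFromRecycleBin -Force
        return $true
    }
    return $false
}

Connect-MsolService
if (Clear-SoftDeletedSyncedUser -UserPrincipalName 'user@example.com' -Verbose) {
    # Next: put the user back into the group that controls sync scope on-premises,
    # then run the following on the Azure AD Connect server itself:
    #   Import-Module ADSync
    #   Start-ADSyncSyncCycle -PolicyType Delta     # use Initial for a full sync
    Write-Output 'Stale copy purged; re-add the user to sync scope and start a delta sync.'
}
```

Once the delta sync completes, compare the pre-Windows 2000 name shown in Azure AD with the `sAMAccountName` returned by `Get-ADUser` on-premises.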