Catching up on the latest updates in the Office 365 for IT Pros, there was an update to the behaviour of licensed synchronised users User Principal Name (UPN). If this book isn’t part of your library I fully recommend adding it. This change means that licensed synchronised users will have their UPN updated upon change.
Note: In a change, Microsoft made to its synchronization service, tenants created after 15th June 2016, automatically update the UPN of a synchronized account in Office 365 through the directory synchronization process –even if it's licensed. Tenants created before that date must enable the feature. This update does not apply to federated identities.
Like any change/feature I test in my test Office 365 Tenant, here are my notes on the change, using Windows Azure Active Directory Module for Windows PowerShell, run the following cmdlet:
[PS] Get-MsolDirSyncFeatures
To update this setting run the following cmdlet:
[PS] Set-MsolDirSyncFeature -Feature SynchronizeUpnForManagedUsers -Enable $true
Checking the Metaverse for my test user Lisa Simpson we can see the UPN is currently set to simpsonl@skitttech.co.uk
Looking in Active Directory Users and Computers (ADUC) you can see this is how the account was setup:
Note: When making any changes to Active Directory, ensure you know what you’re changing and the reason for the change. In my lab and with clients I only change the UPN and not the Windows 2000 name, as users tend to login to Domain joined workstations with this identity.
Simply changing the UPN:
Will result in the Metaverse being updating the UPN to lisa.simpson@skitttech.co.uk:
Which in turn after the Azure AD Connect server has synchronised to Azure AD will update the UPN within Office 365:
Summary
After making these changes to the Office 365 Tenant will enable changes to the UPN to be updated; From my tests, I found that any changes that were been made prior to the configuration change the UPN will not be updated. Just update the AD object again will result in the UPN being updated in the Metaverse and synchronised to Azure AD.
This will not result in any changes to the user’s email address as these should be controlled by the Email Address Policy from Exchange, but I did find that this change did result in a change the users SIP address for Skype for Business Online.
Pre-Change:
Post Change:
I’m not a Skype for Business Online expert and will double check this change with one of my colleagues on the impact to the Skype for Business Online services.
Disclaimer: All scripts and other PowerShell references on this blog are offered "as is" with no warranty. While these scripts are tested and working in my test environment, it is recommended that you test these scripts in your own test environment before using in any production environment.
This change means that licensed synchronised users will have their UPN updated upon change. CPSA-FL exam dumps
ReplyDelete