It has been a while since my last post. Let's hope I can break the evil spell and write some useful stuff in the near future.
You probably know this, but it so happens that I get this question a lot.
Customers run a DirSync or AAD Sync and ADFS environment. Sooner or later they are going to change the UPN for a user, and the next time FIM tries to update the user you will receive the following error:
“Unable to update this object in Microsoft Online Services, because the attribute FederatedUser.UserPrincipalName is not valid. Update the value in your local Active Directory”
You end up running the new UPN on-prem while the old one is working for some cloud services. Not exactly a happy existence.
So this is the recommended way to change from one federated UPN to another.
- The obvious. Fire up the shell and connect to MSOLService
- First you have to change the UPN to your default domain UPN, which is the name you first used to register the O365 tenant.
Set-MsolUserPrincipalName -UserPrincipalName Sem@msitpros.com -NewUserPrincipalName Sem@msitpros.onmicrosoft.com
- Now you will be able to change the UPN to another federated UPN
Set-MsolUserPrincipalName -UserPrincipalName Sem@msitpros.onmicrosoft.com -NewUserPrincipalName Sem@Something.com
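
The two steps above wrapped in one function, as an added example that is not part of the original post. Move-FederatedUpn is a hypothetical name; the code assumes the MSOnline module is loaded and Connect-MsolService has already been run. It checks the target domain and the temporary UPN before touching the user, so the account is not left stranded on the onmicrosoft.com name.

```powershell
# Added example: wraps the two Set-MsolUserPrincipalName steps from the post.
# Move-FederatedUpn is a hypothetical helper name; requires the MSOnline module
# and an existing Connect-MsolService session.
function Move-FederatedUpn {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$CurrentUpn,
        [Parameter(Mandatory = $true)][string]$NewUpn
    )

    $domains = Get-MsolDomain

    # The initial domain is the *.onmicrosoft.com name the tenant was registered with.
    $initial = $domains | Where-Object { $_.IsInitial } | Select-Object -First 1
    if (-not $initial) { throw "Could not find the tenant's initial domain." }

    # Refuse to start if the target suffix is not a verified domain in the tenant,
    # otherwise the user would be left on the temporary UPN.
    $targetSuffix = ($NewUpn -split '@')[-1]
    $target = $domains | Where-Object { $_.Name -eq $targetSuffix -and $_.Status -eq 'Verified' }
    if (-not $target) { throw "Domain '$targetSuffix' is not verified in this tenant." }

    # Fail early if the source user does not exist.
    $user = Get-MsolUser -UserPrincipalName $CurrentUpn -ErrorAction Stop

    $tempUpn = '{0}@{1}' -f ($CurrentUpn -split '@')[0], $initial.Name

    # The temporary UPN must not already belong to another object.
    if (Get-MsolUser -UserPrincipalName $tempUpn -ErrorAction SilentlyContinue) {
        throw "Temporary UPN '$tempUpn' is already in use."
    }

    if ($PSCmdlet.ShouldProcess($CurrentUpn, "Rename to $NewUpn via $tempUpn")) {
        # Step 1: federated UPN -> initial (managed) domain.
        Set-MsolUserPrincipalName -UserPrincipalName $CurrentUpn -NewUserPrincipalName $tempUpn -ErrorAction Stop
        # Step 2: initial domain -> new federated UPN.
        Set-MsolUserPrincipalName -UserPrincipalName $tempUpn -NewUserPrincipalName $NewUpn -ErrorAction Stop
        # Confirm the result by object id, which does not change with the UPN.
        (Get-MsolUser -ObjectId $user.ObjectId).UserPrincipalName
    }
}

# Same values as in the post; -WhatIf runs the checks and shows the plan without changing anything.
Move-FederatedUpn -CurrentUpn 'Sem@msitpros.com' -NewUpn 'Sem@Something.com' -WhatIf
```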