locked
DirSync V2 & UPN RRS feed

  • Question

  • I've only recently discovered that dirsync v2 requires that the UPN match the smtp address for it to function correctly.

    We are a BPOS customer and will be transitioned soon, but our local domain @xyz.net is not @xyz.com so our UPN is not the same as our @xyz.com smtp address, and @xyz.net is not routable.

    DirSync v1 is working fine now.

    I understand that i can add @xyz.com suffix to domain, and can update UPN via script to match.  

    But my question is, if we're unable to complete this in time of migration, as long as i keep dirsync off, update UPN in internal domain, then turn on dirsync v2, i shouldn't have any problems with existing and with creating new accounts in AD?  

    Monday, May 21, 2012 10:28 PM

All replies

  • Same issue here .. Your description matches what we're being told. The AD UPN must match primary email address for Dir Sync v2 to work. I'll be finding out shortly if that's true as our transition is this weekend.
    Tuesday, May 22, 2012 1:28 PM
  • My migration this weekend too, i'm going to try to update the UPNs before, but, if not then i'll find out too.

    I'm still surprised that it wasn't clearly documented about this requirement.

    Tuesday, May 22, 2012 2:59 PM
  • I have several customers in O365 that have their UPN and SMTP address different.  This isn't a hard blocker, but you may see odd behavior for new users.  i.e. If you use the Email attribute in AD to create users instead of ProxyAddresses, the SMTP address in O365 will match the UPN. 

    UPN's in O365 (for transitioned accounts) should not be affected, but SMTP address can be affected since DirSync will make these changes upon initial sync to match what is in your on-premises AD.

    For the first sync of DirSync v2, objects are matched based in this priority: Primary SMTP Address, Email Address, UPN.  New users are created in the same manner, but, if there is no proxy address, it will be created based on the Email attribute, but the primary SMTP address will be matched to the UPN (unlike BPOS which would just create a proxy address based on the Email attribute and ignore the UPN.

    Glad I could toss more confusion on the fire.

    Dan


    www.insecurityinc.info

    Wednesday, May 30, 2012 8:17 PM