Skype for Business Hybrid (Users synced with different UPN's)

  • Question

  • We currently have an on-premises AD and associated Skype for Business 2015 deployment and are looking to establish a hybrid SKB configuration to an existing O365 tenancy. The tenancy only has the identities synced, no mailboxes/Exchange hybrid established yet. The on-premises environment is fully configured with a functional edge server and federation enabled.

    The goal is to establish Cloud PBX with PSTN calling via the on-premises SKB EV deployment (eventually for all users); however, initially just a pilot for a subset of existing accounts or (at least) some new cloud-created users.

    The complication is, we are syncing users (including pw sync and all attributes) from on-prem AD to AAD (using AAD Connect) and in the process re-writing the user UPN to another domain.

    Simply:

                 On Prem               O365
    UPN:         user@domain1.com  ->  user@domain2.com  {rewrite}
    SKB/SIP:     user@domain1.com  ->  user@domain1.com  {no change}

    (noting that both domain1 + domain2 exist in the tenancy, domain1 is just not assigned/associated to any users, no username aliases etc.)

    I’m trying to understand what (if any) changes to the identities in cloud or on premises will be required to get hybrid established?

    Obviously there are many things to consider before we would think about migrating users (such as getting the mailboxes up there), so that's not part of the initial requirement.

    I understand this would be a pretty standard scenario if we were not doing the UPN re-write when syncing to the AAD; however, this is required.


    • Edited by NathIsGreat Tuesday, December 5, 2017 1:38 PM
    Tuesday, December 5, 2017 1:38 PM

All replies

  • Hi NathIsGreat,

     

    If I understand correctly, first you want to sync users from on-prem AD to AAD, but before or after the sync process, you need to change the user UPN to another domain?

    I am not familiar with that, but the following link may help you with changing User Principal Names (UPN) with the Azure Active Directory Sync Tool (DirSync):

    http://rainesy.com/changing-user-principal-name-upn-with-azure-active-directory-sync-tool-dirsync/

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    Regards,

    Leon Lu


    Please remember to mark the replies as answers if they helped.
    If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Wednesday, December 6, 2017 3:10 AM
  • Hi Leon, 

    Identities are already being synced along with passwords and are working fine.

    The issue is the UPNs are (intentionally) being re-written, so they no longer match the ones on premises (in AD / Skype).

    Wednesday, December 6, 2017 3:42 AM
  • Hi NathIsGreat,

    There are three possible causes of this issue:

    1. Your company domain is not yet verified. The domain of the on-premises UPN or alternate login ID is a domain that's not yet verified in Azure Active Directory (Azure AD).

    2. The user in Azure AD is not federated and was assigned a license.

    3. The domain suffix of the UPN or alternate login ID has changed from one federated domain to another federated domain.

    For the solution, you could refer to the following link.

    https://support.microsoft.com/en-us/help/2523192/user-names-in-office-365--azure--or-intune-don-t-match-the-on-premises



    Regards,

    Leon Lu



    Wednesday, December 6, 2017 8:08 AM
  • Well, you don't have to change anything; the identity scenario you currently have should work perfectly.

    I can log in to my domain-joined PC using username@domain2.com while I log in to SFB Online, OnPrem and Hybrid using user@domain1.com -- very typical scenario.

    Wednesday, December 6, 2017 2:36 PM
  • Is there any update on this issue? If the reply is helpful to you, please try to mark it as an answer; it will help others who have a similar issue.

    Regards,

    Leon Lu



    Wednesday, December 13, 2017 9:12 AM