Custom expression in Azure AD Connect

  • Question

  • Hi All,

    We have to change the UPN in Azure AD connect before provisioning in Azure AD.

    Is there a way to set this at the transformation level in Azure AD Connect?

    UPN: abc@contoso.com should be replaced by abc@fabrikam.com in Azure AD Connect.

    Please let me know if the below expression will work for replacing @contoso.com with @fabrikam.com:

    Word([UPN],1,"@") & "@fabrikam.com"

    Regards,
    Anirban



    Tuesday, May 16, 2017 9:25 AM

All replies

  • Hi,

    I would prefer to change the UPN within the source directory, as you may lose functionality if the UPNs do not match.

    For example, if you are using ADFS for auth, the UPNs on-prem and in AAD have to match.

    If the UPN does not have the value you need, you can maybe use another attribute (alternate login ID) to synchronize to the AAD UPN.

    What is the reason you are trying to change this by an attribute flow?

    /Peter


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    Tuesday, May 16, 2017 12:49 PM
  • Hi Peter,

    We have a requirement where the users want to use their email ID to log in to Office 365. The current FIM design has a waiting period for the creation of the mail ID and of the UPN as mail ID in the source domain: FIM waits for the mail ID to be created in a different domain and updates the UPN with the mail ID in the source domain after 5 to 6 hours. Both of these domains are federated.

    We have Azure AD Connect, which runs in parallel, and in some cases it imports a UPN which is not the mail ID of the user and provisions the user in Office 365, as there is a waiting period in FIM.

    Next, when the UPN is updated with the mail ID in the source domain from the other domain, it tries to update the UPN in Office 365, which results in a federated-domain-change error.

    We can run a script on Azure AD to convert the UPN to @xyz.onmicrosoft.com, and in the next sync it will eliminate the error.

    We are trying to get rid of this error.

    When Azure AD Connect imports the user from the source domain, it always checks the UPN of the user; if it is from the source domain, then it replaces it with the other domain, so in the next import, when Azure AD Connect picks the correct UPN as mail ID from the other domain, it will not throw the error in Export.

    Regards,
    Anirban

    Tuesday, May 16, 2017 2:14 PM
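An added example, not part of the thread: a Python model of the Azure AD Connect declarative-provisioning expression from the question (`Word([UPN],1,"@") & "@fabrikam.com"`) next to a guarded variant that only rewrites UPNs still carrying the source-domain suffix, which is the behaviour the last post describes. The `word` and `rewrite_*` helpers and the `IIF`/`Right` form quoted in the comment are my rendering of the expression-language semantics (the case-insensitive suffix match is an assumption), not the sync engine itself, and the UPN values are constructed.

```python
# Added example (not from the thread): model the attribute-flow expression
# Word([UPN],1,"@") & "@fabrikam.com" and check what it does to sample UPNs.
# The helpers mimic the expression functions; they are assumptions about
# their semantics, not Azure AD Connect code.
import re

SOURCE_SUFFIX = "@contoso.com"   # suffix the thread wants rewritten
TARGET_SUFFIX = "@fabrikam.com"  # mail domain that should become the UPN suffix


def word(value: str, n: int, delimiters: str) -> str:
    """Model of Word(string, N, delimiters): the Nth token (1-based) when the
    string is split on any delimiter character; empty string if absent."""
    tokens = [t for t in re.split("[" + re.escape(delimiters) + "]", value) if t]
    return tokens[n - 1] if 0 < n <= len(tokens) else ""


def rewrite_unconditional(upn: str) -> str:
    """The expression as posted: Word([UPN],1,"@") & "@fabrikam.com".
    Every value gets the new suffix, whatever domain it had, and a value
    with no "@" at all still comes out as <value>@fabrikam.com."""
    return word(upn, 1, "@") + TARGET_SUFFIX


def rewrite_if_source_domain(upn: str) -> str:
    """Model of the guarded form the last post asks for, roughly:
    IIF(Right([UPN], 12) = "@contoso.com",
        Word([UPN],1,"@") & "@fabrikam.com", [UPN])
    Only UPNs still carrying the source-domain suffix are rewritten; a UPN
    that already holds the mail ID from the other domain passes through
    unchanged, so the later import does not produce a conflicting update.
    Case-insensitive suffix comparison is an assumption of this model."""
    if upn.lower().endswith(SOURCE_SUFFIX):
        return word(upn, 1, "@") + TARGET_SUFFIX
    return upn


if __name__ == "__main__":
    # Constructed sample values, including the edge cases worth checking.
    for sample in ["abc@contoso.com", "abc@fabrikam.com", "abc", "Abc@CONTOSO.com"]:
        print(f"{sample:18} -> unconditional: {rewrite_unconditional(sample):20}"
              f" | guarded: {rewrite_if_source_domain(sample)}")
```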