Azure AD Connect brings in new accounts defaulting username to @contoso.onmicrosoft.com

Dave Bryan 96 Reputation points
2020-03-20T20:35:21.053+00:00

I posted this question last fall, but never got an answer and the thread is now locked. We have about 50 users in AzureAD, but are about to bring in a few thousand for Office365. When I bring in the user initially, it makes the primary username jsmith@contoso.onmicrosoft.com. When the users try to log in (hashes sync every 30 minutes) with their normal domain name of jsmith@contoso.com, they fail like the account is not there until I change the username to match the correct domain name from the drop-down menu of jsmith@contoso.com. Then the users can log in fine.

Does anyone know of a way I can change this default to contoso.com, instead of having to manually change it for every user? It seems like I once found a location to change the primary domain name, but it still has no impact. Even a PowerShell script on changing the default suffix would be helpful at this point.

Thanks,

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

4 answers

  1. Marilee Turscak-MSFT 33,801 Reputation points Microsoft Employee
    2020-03-20T20:52:19.493+00:00

    Hi Dave,

    If you haven't already, you need to make that domain your primary domain. You can do this by going to Custom domain names and selecting "Make Primary." See article >

    The article goes over the details for how to update all of the users as well.

    You can ForceDelete a domain name in the Azure AD Admin Center or using Microsoft Graph API. These options use an asynchronous operation and update all references from the custom domain name like “user@contoso.com” to the initial default domain name such as “user@contoso.onmicrosoft.com.”

    2 people found this answer helpful.

  2. Dave Bryan 96 Reputation points
    2020-03-25T15:29:12.643+00:00

    I have already done that and it did not help.

    1 person found this answer helpful.

  3. AmanpreetSingh-MSFT 56,306 Reputation points
    2020-03-26T09:18:33.49+00:00

    @Dave Bryan What is the UPN in your on-prem AD? For instance, if it is user@contoso.local or user@contoso.xyz and the verified domain that you have added is contoso.com, you would need to add an additional UPN suffix in your on-prem AD, i.e., contoso.com, and flip the UPN of all users from user@contoso.local or user@contoso.xyz to user@contoso.com. You can use the below script for this purpose. Make sure you update the DN of the OU after the -SearchBase switch to the OU that contains all of your user accounts which are to be synced.

    6041-capture.jpg

    -----------------------------------------------------------------------------------------------------------

    Please Accept as answer wherever the information provided helps you to help others in the community.

    1 person found this answer helpful.
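
The UPN change described in answer 3, written out as an added example; it is not the script from the answer's screenshot and not Microsoft's own code. The OU distinguished name is a placeholder, the two suffixes are taken from the answer's contoso example, and `-WhatIf` is left on so nothing is written until the output has been reviewed.

```powershell
# Added example: add a UPN suffix to the forest and move users in one OU to it.
# Requires the ActiveDirectory module (RSAT) and rights to modify the forest and users.
Import-Module ActiveDirectory

$OldSuffix  = 'contoso.local'                        # current on-prem suffix (from the answer's example)
$NewSuffix  = 'contoso.com'                          # verified custom domain in the tenant
$SearchBase = 'OU=SyncedUsers,DC=contoso,DC=local'   # placeholder: DN of the OU that is synced

# 1. Register the new suffix on the forest if it is not there yet.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $NewSuffix }
}

# 2. Select only the users that still carry the old suffix.
$users = Get-ADUser -SearchBase $SearchBase -SearchScope Subtree `
                    -Filter "UserPrincipalName -like '*@$OldSuffix'"

# 3. Rewrite each UPN, skipping any that would collide with an existing account.
$report = foreach ($u in $users) {
    $pattern = [regex]::Escape("@$OldSuffix") + '$'
    $newUpn  = $u.UserPrincipalName -replace $pattern, "@$NewSuffix"

    # Double any apostrophe so names such as o'brien do not break the filter string.
    $escaped = $newUpn.Replace("'", "''")
    $clash   = Get-ADUser -Filter "UserPrincipalName -eq '$escaped'"

    if ($clash) {
        Write-Warning "Skipped $($u.SamAccountName): $newUpn is already in use"
        $status = 'Skipped'
    }
    else {
        # Remove -WhatIf once the report looks right.
        Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf
        $status = 'Changed'
    }

    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        OldUpn         = $u.UserPrincipalName
        NewUpn         = $newUpn
        Status         = $status
    }
}

# 4. Keep a record of what was (or would be) changed for rollback and audit.
$report | Export-Csv -Path .\upn-change-report.csv -NoTypeInformation
```

The sign-in name changes for every affected user, so the CSV gives both a rollback list and an audit record; the new UPNs reach the tenant on the next directory sync cycle.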

  4. brano 6 Reputation points
    2020-11-26T08:25:09.28+00:00

    Hi there

    I would join this query as I'm facing the same issue with setting up AAD Connect. I work to set up sync between on-prem AD and O365 with the same set of accounts. I went through AAD Connect custom setup, carefully following the documentation, and set up sync between them. I have customer default domain in AAD as well as the same domain suffix added in on-prem AD. However, it seems to be not working as expected.

    When I create a new user with a custom domain UPN, it is synchronized to AAD with the custom domain UPN, but after moments it switches back to the default domain in AAD as well as in .local domain name in on-prem AD.

    Can you advise what may be causing this?

    1 person found this answer helpful.