DaveBryan-5712 asked ·

Azure AD Connect brings in new accounts defaulting username to @contoso.onmicrosoft.com

I posted this question last fall, but never got an answer and the thread is now locked. We have about 50 users in Azure AD, but are about to bring in a few thousand for Office 365. When I bring in the user initially, it makes the primary username jsmith@contoso.onmicrosoft.com. When the users try to log in (hashes sync every 30 minutes) with their normal domain name of jsmith@contoso.com, they fail like the account is not there until I change the username to match the correct domain name from the drop-down menu of jsmith@contoso.com. Then the users can log in fine.

Does anyone know of a way I can change this default to contoso.com, instead of having to manually change it for every user? It seems like I once found a location to change the primary domain name, but it still has no impact. Even a PowerShell script on changing the default suffix would be helpful at this point.

Thanks,

Tags: azure-active-directory, azure-ad-connect, azure-ad-domain-services

MarileeTurscak answered ·

Hi Dave,

If you haven't already, you need to make that domain your primary domain. You can do this by going to Custom domain names and selecting "Make Primary." See article >

5191-customdomain1.png


5201-customdomain2.png

The article goes over the details for how to update all of the users as well.

You can ForceDelete a domain name in the Azure AD Admin Center or using Microsoft Graph API. These options use an asynchronous operation and update all references from the custom domain name like “user@contoso.com” to the initial default domain name such as “user@contoso.onmicrosoft.com.”




DaveBryan-5712 answered ·

I have already done that and it did not help.


amanpreetsingh-msft answered ·

@DaveBryan-5712 What is the UPN in your on-prem AD? For instance, if it is user@contoso.local or user@contoso.xyz and the verified domain that you have added is contoso.com, you would need to add an additional UPN suffix in your on-prem AD, i.e., contoso.com, and flip the UPN of all users from user@contoso.local or user@contoso.xyz to user@contoso.com. You can use the script below for this purpose. Make sure you update the DN of the OU after the -SearchBase switch to the OU that contains all of your user accounts which are to be synced.

6041-capture.jpg


Please Accept as answer wherever the information provided helps you to help others in the community.




@DaveBryan-5712 Have you had a chance to try the above steps?

0 Votes 0 · ·
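
The script referred to in the answer above was attached as an image and its text is not on this page. The following is an added example, not the answerer's script, of the two steps that answer describes: registering contoso.com as a UPN suffix on the forest and flipping the UPN of every user in one OU. The OU distinguished name and the old suffix contoso.local are placeholder assumptions; it uses the ActiveDirectory module and also skips any account whose new UPN is already taken.

```powershell
# Added example. Parameter defaults are placeholders (assumptions), not values from the thread.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$SearchBase = 'OU=Staff,DC=contoso,DC=local',  # assumed DN of the OU to be synced
    [string]$OldSuffix  = 'contoso.local',                 # current, non-routable UPN suffix
    [string]$NewSuffix  = 'contoso.com'                    # domain verified in Azure AD
)

Import-Module ActiveDirectory

# Step 1: add the routable suffix to the forest if it is not registered yet.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    if ($PSCmdlet.ShouldProcess($forest.Name, "Add UPN suffix $NewSuffix")) {
        Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $NewSuffix }
    }
}

# Step 2: collect only the users in the OU that still carry the old suffix.
$users = Get-ADUser -SearchBase $SearchBase -LDAPFilter "(userPrincipalName=*@$OldSuffix)"

foreach ($user in $users) {
    # Swap the suffix only; the part before the @ stays as it is.
    $pattern = '@' + [regex]::Escape($OldSuffix) + '$'
    $newUpn  = $user.UserPrincipalName -replace $pattern, "@$NewSuffix"

    # A UPN must be unique in the forest, so skip and report collisions
    # instead of letting Set-ADUser fail halfway through the batch.
    $clash = Get-ADUser -LDAPFilter "(userPrincipalName=$newUpn)"
    if ($clash) {
        Write-Warning "$($user.SamAccountName): $newUpn is already used by $($clash.SamAccountName -join ', ')"
        continue
    }

    if ($PSCmdlet.ShouldProcess($user.SamAccountName, "Set UPN to $newUpn")) {
        Set-ADUser -Identity $user -UserPrincipalName $newUpn
        Write-Output "$($user.SamAccountName): $($user.UserPrincipalName) -> $newUpn"
    }
}
```

Run it with `-WhatIf` first to list the planned changes without writing to the directory.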