question

0 Votes
DaveBryan-5712 asked ·

Azure AD Connect brings in new accounts defaulting username to @contoso.onmicrosoft.com

I posted this question last fall, but never got an answer and the thread is now locked. We have about 50 users in Azure AD, but are about to bring in a few thousand for Office 365. When I bring in a user initially, it makes the primary username jsmith@contoso.onmicrosoft.com. When the users try to log in (hashes sync every 30 minutes) with their normal domain name of jsmith@contoso.com, they fail as if the account is not there, until I change the username to the correct domain name, jsmith@contoso.com, from the drop-down menu. Then the users can log in fine.

Does anyone know of a way I can change this default to contoso.com, instead of having to manually change it for every user? It seems like I once found a location to change the primary domain name, but it still has no impact. Even a PowerShell script for changing the default suffix would be helpful at this point.

Thanks,

Tags: azure-active-directory, azure-ad-connect, azure-ad-domain-services

1 Vote
MarileeTurscak answered ·

Hi Dave,

If you haven't already, you need to make that domain your primary domain. You can do this by going to Custom domain names and selecting "Make Primary." See article >

[image: customdomain1.png]

[image: customdomain2.png]

The article goes over the details for how to update all of the users as well.

You can ForceDelete a domain name in the Azure AD Admin Center or using Microsoft Graph API. These options use an asynchronous operation and update all references from the custom domain name like “user@contoso.com” to the initial default domain name such as “user@contoso.onmicrosoft.com.”


0 Votes
DaveBryan-5712 answered ·

I have already done that and it did not help.


0 Votes
amanpreetsingh-msft answered ·

@DaveBryan-5712 What is the UPN in your on-prem AD? For instance, if it is user@contoso.local or user@contoso.xyz and the verified domain that you have added is contoso.com, you would need to add an additional UPN suffix in your on-prem AD, i.e., contoso.com, and flip the UPN of all users from user@contoso.local or user@contoso.xyz to user@contoso.com. You can use the script below for this purpose. Make sure you update the DN of the OU after the -SearchBase switch to the OU that contains all of your user accounts which are to be synced.

[image: capture.jpg (script screenshot)]


Please Accept as answer wherever the information provided helps you to help others in the community.


@DaveBryan-5712 Have you had a chance to try the above steps?

0 Votes
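The UPN flip described in the answer above, written out as an added example (this is not the script from the screenshot and not Microsoft's code). It assumes the old suffix is contoso.local, the verified Azure AD domain is contoso.com, and the synced users live under an OU whose distinguished name is a placeholder you must replace; it registers the suffix on the forest first, then rewrites only the suffix part of each matching UPN, previewing with -WhatIf before anything is changed.

```powershell
# Added example, not from the original thread. Assumed values: the old and new
# UPN suffixes and the OU distinguished name. Replace them for your environment.
Import-Module ActiveDirectory

$OldSuffix  = 'contoso.local'                          # assumed current on-prem suffix
$NewSuffix  = 'contoso.com'                            # assumed verified Azure AD domain
$SearchBase = 'OU=SyncedUsers,DC=contoso,DC=local'     # assumed OU DN, placeholder

# 1. Register the routable suffix on the forest if it is not already there.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest.Name -UPNSuffixes @{ Add = $NewSuffix }
    Write-Host "Added UPN suffix $NewSuffix to forest $($forest.Name)"
}

# 2. Collect users in scope whose UPN still carries the old suffix.
$users = Get-ADUser -Filter "UserPrincipalName -like '*@$OldSuffix'" `
                    -SearchBase $SearchBase `
                    -Properties UserPrincipalName

Write-Host "Found $($users.Count) user(s) to update"

# 3. Rewrite the suffix, keeping the local part of the UPN unchanged.
#    -WhatIf only previews; remove it once the preview output looks right.
foreach ($u in $users) {
    $localPart = $u.UserPrincipalName.Split('@')[0]
    $newUpn    = "$localPart@$NewSuffix"
    Set-ADUser -Identity $u.DistinguishedName -UserPrincipalName $newUpn -WhatIf
    Write-Host "$($u.UserPrincipalName) -> $newUpn"
}
```

Run it once with -WhatIf in place to confirm the OU scope and the resulting names, then remove -WhatIf to apply. The next Azure AD Connect sync cycle (every 30 minutes per the question) carries the new UPNs to Azure AD; users sign in with the new UPN from that point, so announce the change before running it.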
0 Votes
brano-9800 answered ·

Hi there

I would join this query as I'm facing the same issue with setting up AAD Connect. I am working to set up sync between on-prem AD and O365 with the same set of accounts. I went through the AAD Connect custom setup carefully following the documentation and set up sync between them. I have the custom default domain in AAD as well as the same domain suffix added in on-prem AD. However, it seems to be not working as expected.

When I create a new user with the custom domain UPN, it is synchronized to AAD with the custom domain UPN, but after a few moments it switches back to the default domain in AAD as well as to the .local domain name in on-prem AD.

Can you advise what may be causing this?
