0 Votes
RandScullard asked ·

How to change domain name embedded in guest UPNs?

When I first set up my Azure Active Directory tenant, Azure made me choose an initial domain name based on onmicrosoft.com, for example contosoorg.onmicrosoft.com. The help text says "By default, a basic domain name at 'onmicrosoft.com' is included with your directory. Later, you can add a domain name that your organization already uses, such as 'contoso.com'." Because of this, I didn't think the initial domain name would be a big deal. Once I set up the tenant, I configured a custom domain name, for example contoso.com. I set the primary domain name of my AAD tenant to the new custom domain name. Everything seemed to be working fine.

Then I started inviting guest users. Each one that I have invited got assigned a UPN that looks like this: john.doe_somecompany.com#EXT#@contosoorg.onmicrosoft.com. Note that AAD is still embedding the initial domain name in the UPN instead of the primary domain name.

This is not causing any problems with functionality, but the oddball domain name has been noticed and I've been asked whether we can change this. Now would be the time to do it since we are just testing and have not rolled out the tenant to actual users. Anyone know if there is a way to change the domain name that AAD uses to generate UPNs?


azure-active-directory azure-ad-user-management

0 Votes
michev answered ·

It should be using the default name, but it really doesn't matter. Those users do not authenticate against your Azure AD tenant, so the domain part of the UPN makes no difference. If needed, you can change it via PowerShell, but again, why bother.

 Set-MsolUserPrincipalName -UserPrincipalName "aaaaaaaaaaa#EXT#@domain.onmicrosoft.com" -NewUserPrincipalName "aaaaaaaaaaa#EXT#@domain.com"

0 Votes
RandScullard answered ·

OK, I was able to change it via PowerShell - thanks! (The answer to "why bother" is that now I can answer the person who asked, and save myself some trouble...)

I would still like it to generate the UPN with the correct domain name. This current behavior seems like a bug in Azure.


0 Votes
vipulsparsh-MSFT answered ·

@RandScullard The current behavior is by design on the Azure AD side and is not actually a bug. The user principal name (UPN) of the guest user account uses a prefix derived from the invitee's email address, combined with the tenant's initial domain—for example: prefix#EXT#@tenant.onmicrosoft.com

I can see that @michev has already answered your query. Please accept his response as the answer if it helped you, so that it can benefit someone who comes to this post in the future.

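The guest UPN shape described in the last answer and the rename command from the first answer, combined into a bulk script as an added example that is not part of any post in this thread. It assumes the MSOnline module is installed and Connect-MsolService has already been run; Get-GuestUpnPlan and the script parameters are hypothetical names, and the default domains are the placeholders from the question.

```powershell
# Added example: bulk form of the single-user rename shown in the thread.
# Assumes the MSOnline module is loaded and Connect-MsolService has been run.
param(
    [string]$InitialDomain = 'contosoorg.onmicrosoft.com',  # placeholder from the question
    [string]$NewDomain     = 'contoso.com',                 # placeholder from the question
    [switch]$Apply   # without -Apply the script only reports the planned changes
)

# Hypothetical helper: pure string logic, so it can be checked without a tenant.
function Get-GuestUpnPlan {
    param([string]$Upn, [string]$InitialDomain, [string]$NewDomain)

    # Guest UPNs have the shape prefix#EXT#@initialdomain; anything else is skipped,
    # which also makes a second run a no-op for accounts already renamed.
    $suffix = '#EXT#@' + $InitialDomain
    if (-not $Upn.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) {
        return $null
    }
    $prefix = $Upn.Substring(0, $Upn.Length - $suffix.Length)
    [pscustomobject]@{
        OldUpn = $Upn
        NewUpn = $prefix + '#EXT#@' + $NewDomain
    }
}

# A UPN suffix must be a verified domain in the tenant; stop early if it is not.
$verified = Get-MsolDomain | Where-Object { $_.Name -eq $NewDomain -and $_.Status -eq 'Verified' }
if (-not $verified) {
    throw "$NewDomain is not a verified domain in this tenant."
}

$guests = Get-MsolUser -All | Where-Object { $_.UserType -eq 'Guest' }
foreach ($g in $guests) {
    $plan = Get-GuestUpnPlan -Upn $g.UserPrincipalName `
                             -InitialDomain $InitialDomain -NewDomain $NewDomain
    if ($null -eq $plan) { continue }
    if ($Apply) {
        Set-MsolUserPrincipalName -UserPrincipalName $plan.OldUpn `
                                  -NewUserPrincipalName $plan.NewUpn | Out-Null
    }
    $plan   # emit the old/new pair so the run can be logged or exported
}
```

Run it once without -Apply and review the OldUpn/NewUpn pairs before making the change.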