EavenHuang asked MarileeTurscak-MSFT answered

Your identity synchronization from on-premises is unhealthy

Dear friend,

I receive an email from Microsoft Azure every day saying "Your identity synchronization from on-premises is unhealthy". Any idea how to fix this? The document says:

How to fix IdentityDataValidationFailed error
a. Ensure that the userPrincipalName attribute has supported characters and required format.

But I couldn't find where these options are in the Azure portal. Any help is appreciated.


1 Answer

MarileeTurscak-MSFT answered

Hi @EavenHuang-0590,

Thanks for your post!

You would add the UserPrincipalName on premises. The UPN cannot have special characters, so that might be your issue. The full list of requirements is here:

userPrincipalName

The userPrincipalName attribute must be in the Internet-style sign-in format where the user name is followed by the at sign (@) and a domain name: for example, user@contoso.com. All Simple Mail Transport Protocol (SMTP) addresses should comply with email messaging standards.
The maximum number of characters for the userPrincipalName attribute is 113. A specific number of characters are permitted before and after the at sign (@), as follows:
Maximum number of characters for the username that is in front of the at sign (@): 64
Maximum number of characters for the domain name following the at sign (@): 48
Invalid characters: \ % & * + / = ? { } | < > ( ) ; : , [ ] "
Characters allowed: A - Z, a - z, 0 - 9, ' . - _ ! # ^ ~
Letters with diacritical marks, such as umlauts, accents, and tildes, are invalid characters.
The @ character is required in each userPrincipalName value.
The @ character cannot be the first character in each userPrincipalName value.
The username cannot end with a period (.), an ampersand (&), a space, or an at sign (@).
The username cannot contain any spaces.
Routable domains must be used; for example, local or internal domains cannot be used.
Unicode is converted to underscore characters.
userPrincipalName cannot contain any duplicate values in the directory.



If this answer was helpful to you, please remember to "mark as answer" so that others in the community with similar questions can more easily find a solution.
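
The rules listed in the answer above, expressed as a check that can be run over a list of UPNs before the next sync. This is an added example, not part of the original answer and not Microsoft's code; the function name `Test-UpnFormat`, the sample UPNs and the routability heuristic (single-label or `.local` domains) are assumptions made here.

```powershell
function Test-UpnFormat {
    param([string]$Upn)

    $problems = @()
    $at = $Upn.LastIndexOf('@')
    if ($at -lt 0) {
        $problems += 'no @ character'
    } elseif ($at -eq 0) {
        $problems += '@ is the first character'
    } else {
        $user   = $Upn.Substring(0, $at)
        $domain = $Upn.Substring($at + 1)
        if ($Upn.Length -gt 113)   { $problems += 'longer than 113 characters' }
        if ($user.Length -gt 64)   { $problems += 'username longer than 64 characters' }
        if ($domain.Length -gt 48) { $problems += 'domain longer than 48 characters' }
        # Anything outside the allowed set: covers the invalid list, spaces, diacritics
        # and a second @ in the username.
        $bad = [regex]::Matches($user, "[^A-Za-z0-9'._!#^~-]") |
            ForEach-Object { $_.Value } | Select-Object -Unique
        if ($bad) { $problems += "unsupported characters in username: $($bad -join ' ')" }
        if ($user -match '[.& @]$') { $problems += 'username ends with . & space or @' }
        # Assumption: treat single-label and .local domains as non-routable.
        if ($domain -notmatch '\.' -or $domain -match '\.local$') {
            $problems += 'domain looks non-routable'
        }
    }
    [pscustomobject]@{
        Upn      = $Upn
        Valid    = ($problems.Count -eq 0)
        Problems = $problems -join '; '
    }
}

# Constructed sample values, not taken from any real directory.
$sample = @(
    'alice@contoso.com'
    'bob smith@contoso.com'
    "j$([char]0xFC)rgen@contoso.com"   # u with umlaut
    'carol.@contoso.com'
    'erin+test@contoso.com'
    'dave@corp.local'
    '@contoso.com'
    'Alice@contoso.com'                 # duplicate of the first entry (case-insensitive)
)
$sample | ForEach-Object { Test-UpnFormat $_ } | Where-Object { -not $_.Valid } | Format-List
# Group-Object compares case-insensitively by default, so Alice/alice collide.
$sample | Group-Object | Where-Object Count -gt 1 |
    ForEach-Object { "duplicate UPN: $($_.Name)" }
```

Against a real directory, replace `$sample` with the UserPrincipalName values read from on-premises AD, for example via `Get-ADUser` from the ActiveDirectory module.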

