User UPN changing back and forth automatically between domain alias and main domain

  • Question

  • Hello,

    We have a local Active Directory synchronized with Azure Active Directory using the directory sync tools. We also have a local domain in the form local.company_domain.com and a company internet domain in the form company_domain.com, which is also an alias for our local.company_domain.com

    When creating a user we can select either local.company_domain.com or company_domain.com as valid domains for the UPN, so the final one is

    user_name@local.company_domain.com or user_name@company_domain.com

    The problem appears when we create or change the user UPN to user_name@company_domain.com using the local directory. After some seconds the UPN in Azure Active Directory is automatically changed to user_name@company_domain.com and everything is fine. But after 10 minutes the UPN both in the local directory is changed back to user_name@local.company_domain.com

    Any idea about what might be going on?

    Monday, June 19, 2017 4:35 PM

All replies

  • Hello,

    We have a local Active Directory synchronized with Azure Active Directory using the directory sync tools. We also have a local domain in the form local.company_domain.com and a company internet domain in the form company_domain.com, which is also an alias for our local.company_domain.com

    When creating a user we can select either local.company_domain.com or company_domain.com as valid domains for the UPN, so the final one is

    user_name@local.company_domain.com or user_name@company_domain.com

    The problem appears when we create or change the user UPN to user_name@company_domain.com using the local directory. After some seconds the UPN in Azure Active Directory is automatically changed to user_name@company_domain.com and everything is fine. But after 10 minutes the UPN both in the local directory is changed back to user_name@local.company_domain.com

    Any idea about what might be going on?


    Monday, June 19, 2017 4:31 PM
  • You need to change the .local domain to a routable domain first.
    You may refer to the article on How to prepare a non-routable domain (such as .local domain) for directory synchronization in the below link:
    https://support.office.com/en-us/article/How-to-prepare-a-non-routable-domain-such-as-local-domain-for-directory-synchronization-e7968303-c234-46c4-b8b0-b5c93c6d57a7


    • Proposed as answer by vijisankar Tuesday, June 20, 2017 3:32 PM
    Tuesday, June 20, 2017 3:32 PM
  • Thanks for the help but we already did that in the past. The domain is perfectly verified both in Azure and in Office 365 and is included as a valid alternative UPN suffix. As such it is possible to get a user and name them as user@domain.com

    This is also correctly propagated to Azure directory and Office 365 and we can log in as user@domain.com instead of user@local.domain.com

    The problem is that this only lasts like 10 minutes. After 10 minutes everything is reverted and the user UPN is changed back without us doing anything to the old local.domain.com

    This is really confusing.

    Tuesday, June 20, 2017 3:40 PM
  • So the first thing we need to find is, who is changing the UPN back to user_name@local.company_domain.com? Configure auditing, if not configured already, in your local AD and find out who is flipping the UPN back. What version of ADConnect are you using?
    Thursday, July 13, 2017 5:45 AM
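
The auditing step suggested in the last reply, as an added example that is not part of the original thread: a PowerShell query over Security event 5136 ("A directory service object was modified") that lists every write to userPrincipalName and the account that made it. It assumes the "Directory Service Changes" audit subcategory is enabled and that the user objects carry an auditing entry for property writes; the 24-hour look-back window is an arbitrary choice.

```powershell
# Added example: who changed userPrincipalName, according to Security event 5136.
# Assumptions: "Directory Service Changes" auditing is enabled and the user objects
# have an auditing entry (SACL) for property writes.
# Run in an elevated session on each domain controller that could have
# originated the change.

$since = (Get-Date).AddHours(-24)   # assumed look-back window

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5136; StartTime = $since } `
             -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt = $_

        # Flatten the named <Data> fields of the event into a hashtable.
        $fields = @{}
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $fields[$d.Name] = $d.'#text'
        }

        # Keep only writes to the UPN attribute.
        if ($fields['AttributeLDAPDisplayName'] -ne 'userPrincipalName') { return }

        # 5136 records a modification as a "Value Deleted" / "Value Added" pair.
        $operation = switch ($fields['OperationType']) {
            '%%14674' { 'Value Added' }
            '%%14675' { 'Value Deleted' }
            default   { $fields['OperationType'] }
        }

        [pscustomobject]@{
            Time          = $evt.TimeCreated
            DC            = $evt.MachineName
            ChangedBy     = '{0}\{1}' -f $fields['SubjectDomainName'], $fields['SubjectUserName']
            Object        = $fields['ObjectDN']
            Operation     = $operation
            Value         = $fields['AttributeValue']
            CorrelationId = $fields['OpCorrelationID']
        }
    } |
    Sort-Object Time |
    Format-Table -AutoSize -Wrap
```

Rows that share a CorrelationId belong to the same write, so the "Value Deleted" and "Value Added" pair shows the old and new UPN, and ChangedBy shows whether a service account, a script or an administrator made the change.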