locked
Changing an MS Account to an Azure AD account RRS feed

  • Question

  • Hi -

    We have an account called "Evervest Operations" ops@evervest.com. It's a sort of "ops/support account" for our organization - not associated with any particular person so to speak. It's currently owning a BizSpark subscription (id : 18525ca8-ff58-4ee4-8159-a52aadb5ee67). When we first created our various systems, we created a Microsoft Account for ops@evervest.com. In retrospect we should have created a new organizational user in our Azure AD. So we would like to, if possible, change ops@evervest.com to be an Azure AD account (like all our other users). Or if possible, be able to create a new Azure AD user but hopefully be able to use the same account id (i.e ops@evervest.com). 

    Is this in any way directly or indirectly possible?

    Many thanks

    Deepak Natarajan

    Thursday, August 18, 2016 10:26 AM

All replies

  • Hi Deepak Natarajan,

    Thank you for reaching out to us!

    I don't think this is possible. We cannot convert Microsoft Account to Azure AD. See the discussion here - https://social.technet.microsoft.com/Forums/en-US/b1403f7b-3b00-4123-80f9-42b307c2c377/convert-local-accounts-to-aad-accounts?forum=win10itprosecurity

    This might also be informative - https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/5214614-merge-office365-and-live-accounts-that-use-the-sam

    Best Regards

    Sadiqh Ahmed
    ________________________________________________________________________________________________

    If this post was helpful to you, please upvote it and/or mark it as an answer so others can more easily find it in the future

    Thursday, August 18, 2016 7:47 PM
  • Hi Sadiqh Ahmed -

    Thanks for your response. I kinda expected this not to be possible, so we were thinking of the possible steps :

    We would like to use the account email ops@evervest.com

    So :

    1. On the MS account ops@evervest.com, add another email address e.g ops2@evervest.com and make this the primary address

    2. Wait for this change to propagate to Azure AD (Will this happen?) 

    3. Create a new Azure AD organizational account with ops@evervest.com

    4. Delete the user ops2@evervest.com

    Will step 2 happen? This is how we are hoping it will work.

    --deepak

    Friday, August 19, 2016 7:04 AM
  • Hi,

    It is common for people to encounter these issues when they have a Microsoft account with an overlapping namespace to that of now a verified domain in Azure AD. If the Microsoft account is present in the Azure AD and the Microsoft account has a UserID of user@contoso.com then you won't be able to create a cloud user object or provision a user via sync with a UPN of user@contoso.com as it will conflict.

    The guidance is for you to change the UserID of the Microsoft account to something else; you can find instructions on how to do that here: https://support.microsoft.com/en-us/help/11545/microsoft-account-rename-your-personal-account

    In terms of your question will that change then get synchronized back to AAD; I can tell you that it will not we don't keep the object in AAD in sync with that of the Microsoft Account (Consumer). You will need to remove that Microsoft account from the directory service to then allow you to create a new account with a UPN of user@contoso.com.

    You can add the Microsoft account back afterwards with it's new UserID.

    *If you are familiar with powershell; you can go and modify the object which represents your Microsoft account to have the new UPN value etc. If you do it this make sure you keep it in the same format and only change part of the UPN that now differs since you updated the Alias in consumer service. --

    user_outlook.com#EXT#@contoso.onmicrosoft.com

    I hope that helps,

    James.


    Senior Escalation Engineer EEE-Dev | Azure AD Serviceability | Identity Engineering Team | Azure AD Identity and Access Management | blog: http://aka.ms/edutech

    Sunday, August 21, 2016 10:09 AM