Resolving FerderatedDomainChangeError in Azure AD Connect

2019-01-23 Leave a comment

Background

FerderatedDomainChangeError is a fairly common issue to come across in the Azure AD Export job of the Azure AD Synchronization Service. The issue occurs whenever a users UPN is changed from one custom domain to another.

Solution

Office 365 Admin Portal

  1. Sign in to https://portal.office.com/AdminPortal/ using an account with sufficient privileges.
  2. Search for the user and open the user settings.
  3. Click “Edit” to the right of the “Username” field.
  4. Change the UPN suffix to <domain>.onmicrosoft.com
  5. Save your changes.
  6. At the next Azure AD sync the UPN will be overwritten with the value from Active Directory. Wait for the sync to occur or start one manually.

Azure AD V1 PowerShell

Start PowerShell on a computer with the Azure AD V1 module installed.

Connect

Connect-MSOLService

Set the temporary UPN

#Example
#Set-MSOLUserPrincipalName -UserPrincipalName martin@technut.se -NewUserPrincipalName martin@technut.onmicrosoft.com

Set-MSOLUserPrincipalName -UserPrincipalName <user@OldDomain.com> -NewUserPrincipalName <user>@<domain>.onmicrosoft.com

At the next Azure AD sync the UPN will be overwritten with the value from Active Directory. Wait for the sync to occur or start one manually.

Leave a Reply

Your email address will not be published. Required fields are marked *