Open wardkeller opened 2 years ago
@wardkeller Thanks for your feedback! We will investigate and update as appropriate.
@wardkeller Thanks for your feedback! I've assigned this issue to the author who will investigate and update as appropriate. @Gargi-Sinha Please review this.
See Microsoft Service Request #32442551
This section of the docs: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/howto-troubleshoot-upn-changes#upns-in-azure-active-directory
Specifically: If the value of the userPrincipalName attribute doesn't correspond to a verified domain in Azure AD, the synchronization process replaces the suffix with a default .onmicrosoft.com value.
Needs clarification.
When you have existing users in AAD/365 configured manually with a UPN that DOES exist as a verified domain in Azure AD, and you add a new verified domain in 365, for example a subdomain, something (not clear if AAD Connect, because we couldn't see anything in the AAD Connect logs) causes AAD to re-evaluate all users' UPNs, and most (not all) users can have their UPNs revert back to an .onmicrosoft.com domain. Support ticket couldn't clarify completely, apart from saying that non-routable domains shouldn't be used on-prem (our configuration) and that these types of sync issues can occur. We accept that using a routable on-prem UPN is preferred (and will move to this), but we did not expect EXISTING manually configured users to revert just by adding a new verified domain.
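The check below is an added example, not part of the issue report or the Microsoft docs page. It classifies synced users by comparing the suffix of the on-premises UPN with the suffix of the cloud UPN against the tenant's verified domain list, so that the three cases discussed above can be told apart: the documented fallback (non-routable on-prem suffix rewritten to .onmicrosoft.com), a manually set cloud UPN sitting on top of a non-routable on-prem suffix (the configuration the reporter describes, which is at risk of being reverted), and a fallback that happened even though the on-prem suffix is verified. The domain names and user objects are constructed sample data; the commented-out Microsoft Graph PowerShell calls at the end show how the same function would be fed from a real tenant.

```powershell
# Added example (not from the docs page or the issue author).
# Classifies users by UPN suffix against the tenant's verified domains.

function Get-UpnSuffix {
    param([string]$Upn)
    if (-not $Upn -or $Upn -notmatch '@') { return $null }
    return $Upn.Split('@')[-1].ToLowerInvariant()
}

function Test-UpnSuffixes {
    param(
        [string[]]$VerifiedDomains,   # verified domain names, e.g. (Get-MgDomain | Where-Object IsVerified).Id
        [object[]]$Users              # objects with UserPrincipalName and OnPremisesUserPrincipalName
    )
    $verified = @($VerifiedDomains | ForEach-Object { $_.ToLowerInvariant() })

    foreach ($u in $Users) {
        $cloudSuffix  = Get-UpnSuffix $u.UserPrincipalName
        $onPremSuffix = Get-UpnSuffix $u.OnPremisesUserPrincipalName
        $cloudIsInitial = $cloudSuffix -like '*.onmicrosoft.com'

        $state =
            if ($onPremSuffix -and ($verified -notcontains $onPremSuffix)) {
                # On-prem suffix is not a verified domain: the docs say sync replaces it.
                if ($cloudIsInitial) { 'FallbackApplied' }       # rewritten to .onmicrosoft.com, as documented
                elseif ($verified -contains $cloudSuffix) { 'ManualOverride' }  # cloud UPN set by hand; at risk of reverting
                else { 'Unverified' }
            }
            elseif ($onPremSuffix -and $cloudIsInitial) {
                # On-prem suffix IS verified, yet the cloud UPN fell back: the case reported above.
                'UnexpectedFallback'
            }
            elseif ($verified -contains $cloudSuffix) { 'OK' }
            else { 'Unverified' }

        [pscustomobject]@{
            UserPrincipalName           = $u.UserPrincipalName
            OnPremisesUserPrincipalName = $u.OnPremisesUserPrincipalName
            State                       = $state
        }
    }
}

# Constructed sample data standing in for tenant output (names are made up).
$verifiedDomains = @('contoso.com', 'sub.contoso.com', 'contoso.onmicrosoft.com')
$users = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.com';             OnPremisesUserPrincipalName = 'alice@contoso.com' }      # OK
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.com';               OnPremisesUserPrincipalName = 'bob@corp.local' }        # ManualOverride
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.onmicrosoft.com'; OnPremisesUserPrincipalName = 'carol@corp.local' }      # FallbackApplied
    [pscustomobject]@{ UserPrincipalName = 'dave@contoso.onmicrosoft.com';  OnPremisesUserPrincipalName = 'dave@sub.contoso.com' }  # UnexpectedFallback
)

Test-UpnSuffixes -VerifiedDomains $verifiedDomains -Users $users | Format-Table -AutoSize

# Against a real tenant with the Microsoft Graph PowerShell SDK (Domain.Read.All, User.Read.All):
# Connect-MgGraph -Scopes 'Domain.Read.All','User.Read.All'
# $verifiedDomains = (Get-MgDomain | Where-Object IsVerified).Id
# $users = Get-MgUser -All -Property UserPrincipalName,OnPremisesUserPrincipalName,OnPremisesSyncEnabled |
#          Where-Object OnPremisesSyncEnabled
# Test-UpnSuffixes -VerifiedDomains $verifiedDomains -Users $users | Where-Object State -ne 'OK'
```

Running it before adding a new verified domain gives you the list of ManualOverride users, which are the accounts whose cloud UPN does not follow from the on-premises value and are therefore the ones to watch (or to fix on-prem first, as the support ticket recommended); running it afterwards shows which of them changed state.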