Sign up for Office 365
Learn more about Office 365
My user are configured with the following standard in AD:
- UPN = First Last@contoso.local (with space and non routable domain)
- sAMAccountName (pre-windows) = CONTOSO\First Last (with space)
- Email = First.Last@contoso.com
I'm planning to deploy DirSync (without SSO) with an Hybrid coexistence for the migration. I have Exchange 2010 SP2 on-premises.
I will change the UPN from "First Last@contoso.local" to "First.Last@contoso.com" for all the users before running DirSync.
According to the following URL, the space in sAMAccountName seems to be supported:
My goal is the have the cloud UPN for login equal to email.
I don't want to change the samAccountName to minimize the impact. Do I need to change it?
What DirSync is using to create the new UPN in the cloud? Is it the full on-premises UPN (prefix and suffix) or it is sAMAccountName?
Thanks for posting here.
No, it does not need to change the sAMAccountName attribute even though you have changed all users’ UPN.
To have the cloud UPN for login equal to email, please verify the new domain to Office 365 and then convert this domain to federated domain. After that, when you run DirSync, synced cloud userswill have the same UPN with on-premises users.
What will be the UPN in the cloud? First
Last@contoso.com (prefix=sAMAccoutName) or First.Last@contoso.com (a copy of
the full on-premises UPN)
Just as Neo
mentioned, it will be First.Last@contoso.com as the UPN in Office 365.
In addition, please
refer below KB article for more detailed information about the attribute lists
that synced to Office 365:
Thanks Jolin for the answer and references.
Also, Office 365 Help Desk reviewed their answer regarding the space in the sAMAccountName from unsupported to supported:
"After further investigation it was discovered that a space can be used in the san account name.
The point that was discovered was that with Office we 365 the name will be automatically converted with a period (.) in place of the space ( ). "
What do you mean by "convert this domain to federated domain"?
Yes, I'll add my custom domain "contoso.com" and verify it before running DirSync. But in my case, the users will not be federated using SSO but only synchronize with DirSync.
If I have:
- UPN = First.Last@contoso.com (because I'll change it to be equal to email before DirSync)
- User logon name (pre-windows 2000) - sAMAccountName = CONTOSO\First Last (contoso.local AD domain with space for the user name)
- Email = First.Last@contoso.com
I'll keep the sAMAccountName with the space (First Last).
What DirSync is using to create the new cloud UPN (Office 365 login) and the Lync-SIP sign-in address? Is it the complete on-premises UPN?
So, If on-premises UPN exist (First.Last@contoso.com) and the custom domain (contoso.com) is verified in Office 365. O365 will use on-premises UPN (prefix@suffix) to create the cloud UPN First.Last@contoso.com?
According to Ryanph, the on-premises AD sAMAccountName will be used by DirSync if there is no UPN. Is it always the case with the latest DirSync version?
Other than the case mentioned by Ryanph (without UPN), my understanding is that on-premises sAMAccountName is never used by Office 365?
Thanks a lot for your help
I have different idea. Dirsync server will query the users based on the samAccountName ,but sync this attribute to Office365.
For Office365 side, it's using UPN to match the user.
Thanks, Neo Zhu
Grace, Neo, thanks for your answers, but it's still not clear for me how DirSync is working and what is supported by Office 365.
According to the following article:
DirSync uses sAMAccountName part of the filter to decide if the user object will be synchronized or not (Ex: sAMAccoutName must be present). If the user object passed all the filter criterias then it will be synchronized to the cloud.
The article list also all the user object attributes that will be synchronized. In the list, UPN is there but not the sAMAccountName. With this in mind, it means that the on-premises UPN will be sync and used for the cloud UPN.
So, in my case:
on-premises UPN = First.Last@contoso.com
on-premises sAMAccountName = First Last
My understanding is that my cloud UPN should be: First.Last@contoso.com
What will be the UPN in the cloud? First Last@contoso.com (prefix=sAMAccoutName) or First.Last@contoso.com (a copy of the full on-premises UPN)
My goal is to not change my sAMAccountName with the space (First Last). Do I need to change it? Is it supported by Office 365? ... If Office 365 doesn't use it, it doesn't matter?
Grace, your answer is that I do not need to change the sAMAccountName and I can keep the space. But, the Office 365 help desk told me that the space, even if it is in the middle of the sAMAccoutName, is an illegal and prohibited character for a sAMAccountName.
I read on different sources that the space is invalid for the UPN but not for the sAMAccountName.
I begin to be really confused, the answers I got are too divergent.
Does anyone can help me to unravel the mystery?