0 votes

Since DIRSYNC doesn't appear to sync UPN correctly and it needs to be changed VIA powershell online. Is there a way to create a custom command connect and run this powershell command where the new UPN is pulled from the current on-prem UPN?

Set-MsolUserPrincipalName -UserPrincipalName oldemail@old.com -NewUserPrincipalName newemail@new.com

by (340 points)
0

Hello,

Yes, this is possible. For this purpose, you need to create a Custom Command, for example, as described in this tutorial, and add the Run a program or PowerShell script action to your Custom Command (step 4 of the tutorial). run.powershell.script.action.pngAs for the actual PowerShell script that you need to run as a part of the Custom Command, can you specify the following details so that we could help with the script that meets your requirements:

  1. How many Office 365 tenants do you have registered in Adaxes?
  2. Is the old UPN stored somewhere among the user's properties?
0

I am sorry I missed your first response.

1. ~2100 users
2. No. Is there a way to pull the old UPN from 365 and set it to the new one?

Open to suggestions but maybe something like:

If 365 UPN does not equal ONPREM upn run "set-MsolUserPrincipalName"

I'm afraid i'm not good enough to create it on my own.

0

I tried this but it doesn't recognize the set-msolprinciplaname command for some reason?

try
{
    $objectId = [Guid]$Context.TargetObject.Get("adm-O365ObjectId")
}
catch
{
    return # No office 365 account
}

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $Context.GetOffice365Credential() -Authentication Basic -AllowRedirection
Import-PSSession $Session -AllowClobber -DisableNameChecking

Set-MsolUserPrincipalName -UserPrincipalName $objectId.ToString() -NewUserPrincipalName %userPrincipalName%

Remove-PSSession $session

1 Answer

0 votes
by (215k points)
selected by
Best answer

Hello,

In your situation, we suggest creating a Business Rule that will be triggered automatically after changing a user's UPN in AD and synchronize that changes to Office 365. To create such a Business Rule:

  1. Create a new Business Rule.

  2. On step 2 of the Create Business Rule wizard, select User and After Updating a User.

  3. On step 3, add the Run a program or PowerShell script action and paste the below script in the Script field.

     # New UPN
     $newUPN = "%userPrincipalName%"
    
     # User ID
     try
     {
         $objectId = [Guid]$Context.TargetObject.Get("adm-O365ObjectId")
     }
     catch
     {
         $Context.LogMessage("The user doesn't have an account in Office 365", "Warning")
         return # No office 365 account
     }
    
     $scriptBlock = {
         param($credential, $objectId, $newUPN)
    
         Import-Module MSOnline
    
         Connect-MsolService -Credential $credential
    
         # Assign new UPN
         Set-MsolUserPrincipalName -ObjectId $objectId -NewUserPrincipalName $newUPN
     }
    
     # Get credentials for the tenant where the user's Office 365 account is hosted
     $o365Credential = $Context.GetOffice365Credential()
    
     # Start Windows PowerShell as a separate process and run the script block in that process
     $job = Start-Job -ScriptBlock $scriptBlock -ArgumentList $o365Credential, $objectId.ToString(), $newUPN
     $job | Wait-Job -Timeout 540
     if ($job -eq $NULL)
     {
         return
     }
  4. Enter a short description for the script and click OK.

  5. Now, you need to specify a condition for the script to be triggered only when UPN is changed. Right-click the action you've just added and click Add Condition.

  6. Select the If <property> changed condition type.

  7. Specify if User Logon Name has changed.

  8. Click OK.

  9. Finish creation of the Business Rule.

0

You are amazing. THANK YOU!!

0

Thank you for your good words. We really appreciate that! :)

0

FYI, the UPN will change via dirsync as long as the user does not have an office 365 license assigned. Once a license has been assigned, you must use powershell or remove the license.

0

This works perfectly. Thank you!

Related questions

0 votes
1 answer

Hey Support, Were in the process of just spinning up Adaxes 2014.1 in our environment, and I'm working on build the employee off boarding custom command and can get ... mailbox on litigation hold through Outlook 365's web portal it's so slow. Thanks!

asked Jul 30, 2014 by Ben.Burrell (490 points)
0 votes
1 answer

We need to capture the Office365 (if any) on the user account before we disable. These are accounts taht are temps or contractors that we disabled and re enable for ... Example of group name is Office-E3-EXO and we want to capture it to CustomAttributeText31

asked Aug 4, 2020 by willy-wally (3.2k points)
0 votes
1 answer

Hello, I am looking for a way with a custom command or script to change ExtensionAttribute4 for all users in a specific OU(and Sub-OU's). Currently all of the ... change them to firstname.lastname@yyy.com just changing the field after the @ symbol. Thank You

asked Mar 19, 2016 by Infounlim (470 points)
0 votes
1 answer

Hello, I'm trying to execute a custom command through a Powershell script, but I'm struggling to pass multiple values to an AD Object Picker parameter. ... , $NULL, $NULL, 0) $obj.ExecuteCustomCommand($command.CommandID, $commandArguments) Thanks in advance!

asked Nov 24 by KelseaIT (170 points)
0 votes
1 answer

Dear support, I'm trying to automate network share creations via custom commands. They idea is to create share and groups with command A and schedule ... "ADS_SCOPE_BASE" $scopeItem.Exclude = $False $scopeItem.SetInfo() $task.ActivityScopeItems.Add($scopeItem)

asked Jan 27, 2020 by Dmytro.Rudyi (850 points)
2,607 questions
2,344 answers
6,228 comments
862,369 users