Changing User Principal Names (UPN) with Azure Active Directory Sync Tool (DirSync)

In this post I want to document the process to make changes to a user’s UPN value when synchronising a federated domain from an on-premises Active Directory to Azure Active Directory used by Office 365.

Problem Summary:

You want to update the user principal name (UPN) of an on-premises Active Directory Domain Services (AD DS) user account. However, directory synchronisation doesn’t propagate the change from one federated domain directly to another federated domain for a user ID in a Microsoft cloud service such as Office 365, Microsoft Azure, or Microsoft Intune.


Changes to UPN values are not replicated by default, as the technical implications can create issues for end-users. Therefore, the only way to make the change is via PowerShell.

Firstly, the system you intend to execute the PowerShell commands from needs some prerequisites.

Download and install the following in this order – these downloads assume you are using a 64-bit server or management workstation:

  1. Now open Windows Azure Active Directory Module for Windows PowerShell from the Start menu or desktop; be sure to ‘Run as Administrator’.
  2. Next, we need to open a new management session with Azure AD; to do this, run the following command:
  3. When challenged for credentials, enter an account that has Global Administrator permissions to the tenant that you plan to change UPN values for.
  4. Now that you are connected to the cloud tenant, use the following command to update a user’s UPN value:
    Set-MsolUserPrincipalName -UserPrincipalName <current UPN> -NewUserPrincipalName <new UPN>
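
The steps above as one script, an added example rather than code from the original post: it connects with Connect-MsolService, checks that the account exists and that the new suffix is a verified domain in the tenant, makes the change, and confirms it by ObjectId. The two UPN values are constructed placeholders.

```powershell
# Added example. Both UPN values are constructed placeholders; replace them.
$CurrentUpn = 'jane.doe@old.example.com'
$NewUpn     = 'jane.doe@new.example.com'

Import-Module MSOnline -ErrorAction Stop

# Steps 2 and 3: opens the session and prompts for credentials.
# Sign in with a Global Administrator of the tenant being changed.
Connect-MsolService -ErrorAction Stop

# Confirm the account exists in the tenant before touching it.
$user = Get-MsolUser -UserPrincipalName $CurrentUpn -ErrorAction Stop

# The new UPN suffix must be a verified domain in this tenant.
$suffix = $NewUpn.Split('@')[-1]
$domain = Get-MsolDomain | Where-Object { $_.Name -eq $suffix }
if (-not $domain -or $domain.Status -ne 'Verified') {
    throw "Domain '$suffix' is not a verified domain in this tenant."
}

# Refuse to proceed if the new UPN already belongs to another account.
$clash = Get-MsolUser -UserPrincipalName $NewUpn -ErrorAction SilentlyContinue
if ($clash) {
    throw "UPN '$NewUpn' is already assigned to ObjectId $($clash.ObjectId)."
}

# Step 4: the change itself.
Set-MsolUserPrincipalName -UserPrincipalName $CurrentUpn `
    -NewUserPrincipalName $NewUpn -ErrorAction Stop

# Re-read by ObjectId, which does not change with the rename, and emit a
# record of the change that can be kept with the change ticket.
$after = Get-MsolUser -ObjectId $user.ObjectId
[pscustomobject]@{
    ObjectId  = $user.ObjectId
    OldUpn    = $CurrentUpn
    NewUpn    = $after.UserPrincipalName
    Changed   = ($after.UserPrincipalName -eq $NewUpn)
    Timestamp = (Get-Date).ToUniversalTime().ToString('o')
}
```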

Hope this helps others who might be stuck with this same problem when using the DirSync tool to mirror an on-premises Active Directory with Azure Active Directory.

Reference used to write this post:
