DirSync Configuration
For DirSync, the default rules will continue to try and sync the on-premises UPN to Azure Active Directory and if the UPN suffix is not valid, the user will be provisioned with a “.onmicrosoft.com” suffix. The configuration change below allows you to modify DirSync such that the on-premises “mail” attribute is used in Azure Active Directory.DirSync can be modified with the following process:
- Open “miisclient.exe” on the DirSync server (Located in “C:\Program Files\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell”)
- Select the “Management Agents” tab
- Right-click the “Active Directory Connector” and select “Properties”
- Select “Configure Attribute Flow”
- Expand “Object Type: user” and scroll until you find the “Data Source Attribute” of “<dn>,sAMAccountName,userPrincipalName”
- Change the “Mapping Type” from “Advanced” to “Direct”
- Select “mail” as the “Data source attribute” and confirm that the “Metaverse attribute” is set to “userPrincipalName”
- Click “Edit” and then “OK” to save the changes
Considerations Post-Sync
If you have previously run a synchronization job with DirSync, you may run into one of the following scenarios:- If the current UPN for the user is a federated domain, DirSync will not change the user’s UPN in Azure Active Directory
- If the user has a license assigned, DirSync will not change the user’s UPN in Azure Active Directory
Really enjoyed this post — very informative and well-written!
ReplyDeleteClinical Research Courses in Banglore
Clinical Research Courses in Nagpur
Clinical Research Courses in Amravati
"This aligns with what I’ve been observing too – glad to see it articulated so well."
ReplyDeleteMedical Coding Courses in Banglore
Medical Coding Courses in Pune
Medical Coding Courses in Nagpur
Medical Coding Courses in Amaravati
"I learned a lot from this post. Thanks for putting it together!"
ReplyDeletePharmacovigilance Courses in Mumbai
Eligibility for Digital Marketing Courses
Career in Pharmacovigilance