Office 365 DirSync – duplicate UserPrincipalName conflict

Tags: azure-active-directory, microsoft-office-365

I have an issue where the following happened in the below sequence (and verified a second time with a test account, and O365 tenant in example is mydomain.onmicrosoft.com):

  1. Email was created on Office 365 with an email testuser@mydomain.com
  2. Local AD account was created with a local UPN of @corp.mydomain.com of the AD (by mistake, we had also added mydomain.com to the UPNs but wrong one was selected).
  3. AD Sync ran and we could see a user testuser@mydomain.onmicrosoft.com listed (show Synced with Active Directory under Office 365 portal admin users list)
  4. We then change the UPN of the AD account to @mydomain.com
  5. We get the error for Dir Sync status of: "We detected a duplicate UserPrincipalName conflict on the value testuser@mydomain.com. All attribute values need to be unique across objects. To resolve this conflict, first determine which object should be using the conflicting value. Then, update or remove the conflicting value from the other object(s). This error was detected on 9/7/17 12:32 PM."

The lists are:

UserPrincipalName: testuser@mydomain.com
Status: Unlicensed
Last DirSync time:
Source anchor:
Source of authority: Cloud
Created on: 9/7/17 3:49 PM

UserPrincipalName: testuser@mydomain.onmicrosoft.com (Modified automatically)
Status: Unlicensed
Last DirSync time: 9/7/17 4:32 PM
Source anchor: +fWWJ+utoUS9xeB2ofeKew==
Source of authority: On-premises Active Directory
Created on: 9/7/17 4:02 PM
Proxy addresses:

As per https://support.microsoft.com/en-us/help/2641663/how-to-use-smtp-matching-to-match-on-premises-user-accounts-to-office

I have followed the details here and set the local AD account email address under user profile to testuser@mydomain.com, set the UPN to mydomain.com, and also added the proxy address SMTP:testuser@mydomain.com under attributes tab of the user, but still get the same error.

Any ideas please how I can link the listed testuser@mydomain.onmicrosoft.com (AD account) to testuser@mydomain.com (Office 365 mailbox)?


Best Answer

This issue may be caused by your not having added your domain to Office 365.

First, we know that Office 365 uses the cloud-based user authentication service Azure Active Directory to manage users. Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com. The initial domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well.

For example, your organization probably has other domain names used to do business and users who sign in using your corporate domain name. Adding custom domain names to Azure AD allows you to assign user names in the directory that are familiar to your users, such as 'alice@contoso.com' instead of 'alice@.onmicrosoft.com'. The process is simple:

  1. Add the custom domain name to your directory
  2. Add a DNS entry for the domain name at the domain name registrar
  3. Verify the custom domain name in Azure AD

You can add your domain in Office 365 portal just here:


If you plan to federate your on-premises Windows Server AD with Azure AD, then you need to select the "I plan to configure this domain for single sign-on with my local Active Directory" checkbox when you run the Azure AD Connect tool to synchronize your directories. You also need to register the same domain name you select for federating with your on-premises directory in the Azure AD Domain step in the wizard. You can see what that step in the wizard looks like in these instructions. If you do not have the Azure AD Connect tool, you can download it here.

For more about how to add a domain and users to Office 365, refer to this official document.
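
An added example, not part of the original question or answer: a PowerShell check of the two things this thread turns on, whether the UPN suffix is a verified domain in the tenant and which directory objects claim the conflicting address. It assumes the MSOnline module is installed and `Connect-MsolService` has already been run; the function name `Get-UpnConflictReport` is hypothetical.

```powershell
# Added example. Assumes: MSOnline module loaded, Connect-MsolService already run.
function Get-UpnConflictReport {
    param(
        # Address reported in the DirSync error, e.g. testuser@mydomain.com
        [Parameter(Mandatory)] [string] $Address
    )

    $local, $suffix = $Address.Split('@', 2)

    # 1. The UPN suffix must be a domain that is added and verified in the tenant;
    #    otherwise synced users fall back to the onmicrosoft.com domain.
    $domain = Get-MsolDomain | Where-Object { $_.Name -eq $suffix }
    if (-not $domain) {
        Write-Warning "$suffix has not been added to this tenant."
    } elseif ($domain.Status -ne 'Verified') {
        Write-Warning "$suffix is added but its status is '$($domain.Status)'."
    }

    # 2. List every object that uses the same local part as UPN or that carries
    #    the address as a proxy address (-contains is case-insensitive, so it
    #    matches both the primary SMTP: and secondary smtp: forms).
    #    -All enumerates the whole tenant and can be slow on large directories.
    Get-MsolUser -All |
        Where-Object {
            $_.UserPrincipalName -like "$local@*" -or
            $_.ProxyAddresses -contains "smtp:$Address"
        } |
        Select-Object UserPrincipalName,
            @{ Name = 'SourceOfAuthority'
               # An empty ImmutableId (source anchor) means a cloud-only object.
               Expression = { if ($_.ImmutableId) { 'On-premises AD' } else { 'Cloud' } } },
            ImmutableId,
            LastDirSyncTime,
            @{ Name = 'ProxyAddresses'; Expression = { $_.ProxyAddresses -join ';' } }
}

# Usage with the constructed address from the question:
# Get-UpnConflictReport -Address 'testuser@mydomain.com' | Format-List
```

For the situation in the question, the report would be expected to show two rows: the cloud-created object with no source anchor and the synced object carrying the on-premises source anchor.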
