When synchronizing identity data from your on-prem Active Directory environment to the Azure Active Directory environment using the Azure AD connect tool you might occasionally get an error.
One example is the error: FederatedDomainChangeError
This error typically occurs after you have changed the UserPrincipalName suffix of an user from one federated domain to another federated domain.
If a user’s UserPrincipalName suffix was updated from: firstname.lastname@example.org to email@example.com and both domains (xbexample.com and xblab.com are Federated domains then the FederatedDomainChangeError will occur.
To correct this:
- Update the user’s UPN in Azure AD from firstname.lastname@example.org to email@example.com. You can do this with the following PowerShell command with the Azure AD PowerShell module:
PowerShell1Set-MsolUserPrincipalName -UserPrincipalName firstname.lastname@example.org -NewUserPrincipalName email@example.com
- During the next sync schedule the UserPrincipalName of the user John will be updated to: firstname.lastname@example.org.
Check out my blog about how to Check and clean your on-prem AD with IdFix before migrating
I hope this was informative. For questions or comments you can always give a reaction in the comment section or contact me: