When synchronizing identity data from your on-prem Active Directory environment to the Azure Active Directory environment using the Azure AD Connect tool, you might occasionally get an error.
One example is the error: FederatedDomainChangeError.
This error typically occurs after you have changed the UserPrincipalName suffix of a user from one federated domain to another federated domain.
If a user’s UserPrincipalName suffix was updated from: email@example.com to firstname.lastname@example.org and both domains (xbexample.com and xblab.com) are federated domains, then the FederatedDomainChangeError will occur.
To correct this:
- Update the user’s UPN in Azure AD from email@example.com to firstname.lastname@example.org. You can do this with the following PowerShell command from the Azure AD PowerShell module:

  ```powershell
  Set-MsolUserPrincipalName -UserPrincipalName email@example.com -NewUserPrincipalName firstname.lastname@example.org
  ```

- During the next sync schedule, the UserPrincipalName of the user John will be updated to: email@example.com.
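
To confirm that a planned or failed UPN change really is the federated-to-federated case described above, the following added example (not part of the original post) looks up both suffixes with Get-MsolDomain and reports whether each is Federated. The function name Test-FederatedDomainChange and the sample UPNs are hypothetical; the script assumes the MSOnline module is installed and Connect-MsolService has already been run.

```powershell
# Added example: Test-FederatedDomainChange is a hypothetical helper, not a Microsoft cmdlet.
# Assumes an authenticated MSOnline session (Connect-MsolService).
function Test-FederatedDomainChange {
    [CmdletBinding()]
    param(
        # Both values must look like name@suffix, otherwise binding fails early.
        [Parameter(Mandatory)][ValidatePattern('^[^@]+@[^@]+$')][string]$OldUpn,
        [Parameter(Mandatory)][ValidatePattern('^[^@]+@[^@]+$')][string]$NewUpn
    )

    # The UPN suffix is the part after the '@'.
    $oldSuffix = $OldUpn.Split('@')[1]
    $newSuffix = $NewUpn.Split('@')[1]

    # Get-MsolDomain reports each domain in the tenant as Managed or Federated.
    # -ErrorAction Stop surfaces a suffix that is not registered in the tenant
    # instead of silently returning nothing.
    $oldAuth = (Get-MsolDomain -DomainName $oldSuffix -ErrorAction Stop).Authentication
    $newAuth = (Get-MsolDomain -DomainName $newSuffix -ErrorAction Stop).Authentication

    # The error applies only when the suffix actually changes and both sides are federated.
    $bothFederated = ($oldSuffix -ne $newSuffix) -and
                     ($oldAuth -eq 'Federated') -and
                     ($newAuth -eq 'Federated')

    [pscustomobject]@{
        OldSuffix         = $oldSuffix
        OldAuthentication = $oldAuth
        NewSuffix         = $newSuffix
        NewAuthentication = $newAuth
        BothFederated     = $bothFederated
    }
}

# Constructed sample values; replace with the UPN currently in Azure AD
# and the UPN now set in on-prem AD.
$result = Test-FederatedDomainChange -OldUpn 'user@old-suffix.example' -NewUpn 'user@new-suffix.example'
$result | Format-List

if ($result.BothFederated) {
    Write-Warning 'Suffix change between two federated domains: expect FederatedDomainChangeError on the next sync.'
}
```

If BothFederated is true, apply the Set-MsolUserPrincipalName step above and let the next sync run.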
Check out my blog about how to check and clean your on-prem AD with IdFix before migrating.
I hope this was informative. For questions or comments you can always give a reaction in the comment section or contact me: