Azure AD connect sync error: FederatedDomainChangeError

30th November 2017

When synchronizing identity data from your on-prem Active Directory environment to Azure Active Directory with the Azure AD Connect tool, you may occasionally run into a sync error.

One example is the error: FederatedDomainChangeError

Details

This error typically occurs after you have changed the UserPrincipalName suffix of a user from one federated domain to another federated domain.

For example: if a user’s UserPrincipalName was updated from john@xbexample.com to john@xblab.com, and both domains (xbexample.com and xblab.com) are federated domains, then the FederatedDomainChangeError will occur.

To correct this:

  1. Update the user’s UPN in Azure AD from john@xbexample.com to john@xbexample.onmicrosoft.com. You can do this with the following PowerShell command with the Azure AD PowerShell module:
  2. During the next scheduled sync cycle, the UserPrincipalName of the user John will be updated to john@xblab.com.
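The two steps above, worked through in PowerShell as an added example that is not code from the original post. It assumes the MSOnline module (Connect-MsolService, Get-MsolDomain, Get-MsolUser, Set-MsolUserPrincipalName) and, on the Azure AD Connect server, the ADSync module (Start-ADSyncSyncCycle); the tenant name and all UPNs are constructed sample values, and Reset-UpnToOnMicrosoft is a helper written for this example.

```powershell
# Added example (not from the original post): fix FederatedDomainChangeError by parking
# the cloud UPN on the tenant's .onmicrosoft.com domain, then letting Azure AD Connect
# write the new federated UPN on the next sync cycle.
# Assumed modules: MSOnline (Connect-MsolService, Get-MsolDomain, Get-MsolUser,
# Set-MsolUserPrincipalName) and ADSync on the Connect server (Start-ADSyncSyncCycle).
# Tenant name and UPNs are constructed sample values.

function Reset-UpnToOnMicrosoft {
    param(
        [Parameter(Mandatory)] [string] $CurrentUpn,   # UPN Azure AD still holds, e.g. john@xbexample.com
        [Parameter(Mandatory)] [string] $NewUpn,       # UPN now set on-prem, e.g. john@xblab.com
        [Parameter(Mandatory)] [string] $TenantName    # e.g. xbexample -> xbexample.onmicrosoft.com
    )
    $oldSuffix = ($CurrentUpn -split '@')[1]
    $newSuffix = ($NewUpn -split '@')[1]

    # The error only applies to a federated-to-federated move. If either suffix is a
    # managed domain, this is a different problem and we should not rewrite the UPN.
    foreach ($suffix in @($oldSuffix, $newSuffix)) {
        $domain = Get-MsolDomain -DomainName $suffix -ErrorAction Stop
        if ($domain.Authentication -ne 'Federated') {
            throw "$suffix is $($domain.Authentication), not Federated; not a FederatedDomainChangeError case."
        }
    }

    $tempUpn = "$(($CurrentUpn -split '@')[0])@$TenantName.onmicrosoft.com"
    Get-MsolUser -UserPrincipalName $CurrentUpn -ErrorAction Stop | Out-Null   # fail early if the object is gone

    # Step 1: move the cloud object to the managed .onmicrosoft.com domain.
    Set-MsolUserPrincipalName -UserPrincipalName $CurrentUpn -NewUserPrincipalName $tempUpn
    return $tempUpn
}

Connect-MsolService   # prompts for Global Administrator credentials
$parked = Reset-UpnToOnMicrosoft -CurrentUpn 'john@xbexample.com' -NewUpn 'john@xblab.com' -TenantName 'xbexample'
Write-Host "Cloud UPN parked at $parked; the next sync cycle will set it to john@xblab.com"

# Step 2 (run on the Azure AD Connect server): trigger a delta sync instead of waiting
# for the scheduler, then confirm the federated UPN has been written to Azure AD.
Start-ADSyncSyncCycle -PolicyType Delta
Start-Sleep -Seconds 120
# Throws if Azure AD does not yet hold the new UPN; re-check after the next cycle if so.
Get-MsolUser -UserPrincipalName 'john@xblab.com' -ErrorAction Stop | Select-Object UserPrincipalName
```

Between step 1 and the sync that completes step 2 the user's cloud sign-in name is the .onmicrosoft.com UPN, so run this in a maintenance window and tell the affected user.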

Check out my blog about how to Check and clean your on-prem AD with IdFix before migrating




I hope this was informative. For questions or comments you can always give a reaction in the comment section or contact me:
