This article describes a scenario where attempts to provision a user to Office 365 may fail with the following error message: Unable to update this object in Microsoft Online Services, because the attribute FederatedUser.UserPrincipalName is not valid.
Applies to: All versions of Centrify Identity Service with Office 365
The user fails to provision to Office 365, and the Centrify Sync Report shows the following unexpected error message:
Unable to update this object in Microsoft Online Services, because the attribute FederatedUser.UserPrincipalName is not valid. Update the value in your local Active Directory
Office 365 does not allow changing the federated domain suffix of a user to a different federated domain suffix.
One scenario: the user has already been synced to Office 365, and the user's UPN is then changed to a different federated domain suffix. After a sync is run on that user, the above error message appears in the Centrify Sync Report.
1. Install and run Windows Azure Active Directory Module for Windows PowerShell as administrator.
2. Run the following command, pressing Enter after each command:
(Enter Office 365 admin credentials when prompted)
3. Run the command below to change the user's UPN to e.g. email@example.com:
- Replace [ExistingUPN] with the actual UPN that the user currently has in Office 365 (which can be found by searching for the user name in the Office 365 admin portal), e.g. firstname.lastname@example.org.
- Replace [DefaultDomainUPN] with the UPN in the format of email@example.com, e.g. firstname.lastname@example.org.
4. Run the following command to set the user’s UPN to use the new federated domain:
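The procedure in steps 2 to 4, as an added PowerShell example using the MSOnline module cmdlets; it is not Centrify's own script. It assumes the intermediate "default domain" is the tenant's initial managed domain, and the function name `Move-FederatedUpn` and the sample addresses are hypothetical.

```powershell
# Added example (not from the original article).
# Assumption: the tenant's initial domain is the non-federated "default domain" hop.
function Move-FederatedUpn {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string] $ExistingUpn,     # UPN the user currently has in Office 365
        [Parameter(Mandatory)] [string] $NewFederatedUpn  # UPN in the new federated domain
    )

    # Fail early if the user cannot be found under the existing UPN.
    $user = Get-MsolUser -UserPrincipalName $ExistingUpn -ErrorAction Stop

    # The target suffix must be a verified domain in the tenant.
    $newSuffix = $NewFederatedUpn.Split('@')[-1]
    $target = Get-MsolDomain -DomainName $newSuffix -ErrorAction Stop
    if ($target.Status -ne 'Verified') {
        throw "Domain $newSuffix is not verified in this tenant."
    }

    # Build the interim UPN on the initial domain, keeping the local part.
    $initial = Get-MsolDomain | Where-Object { $_.IsInitial }
    $interimUpn = '{0}@{1}' -f $ExistingUpn.Split('@')[0], $initial.Name

    # Refuse to continue if another account already holds the interim UPN.
    if (Get-MsolUser -UserPrincipalName $interimUpn -ErrorAction SilentlyContinue) {
        throw "Interim UPN $interimUpn is already in use."
    }

    if ($PSCmdlet.ShouldProcess($ExistingUpn, "Change UPN to $NewFederatedUpn via $interimUpn")) {
        # Step 3: move the user off the old federated suffix.
        Set-MsolUserPrincipalName -ObjectId $user.ObjectId -NewUserPrincipalName $interimUpn
        # Step 4: move the user onto the new federated suffix.
        Set-MsolUserPrincipalName -ObjectId $user.ObjectId -NewUserPrincipalName $NewFederatedUpn
        # Return the resulting UPN so the change can be confirmed.
        Get-MsolUser -ObjectId $user.ObjectId | Select-Object UserPrincipalName, ObjectId
    }
}

# Step 2: sign in (prompts for Office 365 admin credentials).
Connect-MsolService

# Constructed sample addresses; -WhatIf previews the change, remove it to apply.
Move-FederatedUpn -ExistingUpn 'user@old.example' -NewFederatedUpn 'user@new.example' -WhatIf
```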