Synchronizing the SamAccountName Property using Windows Azure Active Directory Sync Tool
Posted by pk. on Server Fault
Published on 2014-05-12T20:36:43Z
Indexed on 2014/06/02 15:31 UTC
Tags: ms-office-365, dirsync
Using this official documentation as a guide, I would expect the SamAccountName property to sync from my on-premise AD to Office 365. I think that it used to do exactly that, but now it seems that it doesn't so much sync the attribute as it does create an entirely new, unlinked value and store it in Office 365. This has caused some minor issues for me (broken scripts, annoying permissions management, etc.) and may be part of a more major issue regarding ADFS authentication.
On-Premise
PS C:\Windows\system32> Get-ADUser jdoe -Properties SamAccountName | fl SamAccountName
SamAccountName : jdoe
Office 365 Sync'ed Objects
PS C:\Windows\system32> Get-Mailbox jdoe | fl SamAccountName
SamAccountName : $1A7H20-K1LCOJFFBHGS
I understand how to work around this issue in my scripts -- there exists the ImmutableId property which can be mapped back to the on-premise GUID. As far as the issue I'm having with ADFS, I'm less certain how to proceed and if this is causing my issues. At this point I really would just like some verification that I'm not crazy and that this used to be sync'ed at some point in the past and that Office 365 broke it relatively recently. I also think that MS documentation should perhaps be updated to exclude SamAccountName from the list of synchronized properties on the page I linked.
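The ImmutableId workaround mentioned in the question, as an added example that is not part of the original post: it decodes ImmutableId back to the on-premises objectGUID and joins cloud objects to AD accounts on that value instead of on SamAccountName. It assumes the default DirSync source anchor (ImmutableId is the Base64 encoding of the 16-byte objectGUID); the function name `ConvertFrom-ImmutableId` and all sample users are constructed for illustration.

```powershell
# Added example. Assumption: default DirSync source anchor, i.e. ImmutableId
# is the Base64 encoding of the on-premises objectGUID byte array.
function ConvertFrom-ImmutableId {
    param([string]$ImmutableId)
    try   { $bytes = [Convert]::FromBase64String($ImmutableId) }
    catch { return $null }                      # not Base64: custom anchor or bad data
    if ($bytes.Length -ne 16) { return $null }  # empty (cloud-only) or not GUID-sized
    # Guid(byte[]) reads the same mixed-endian layout AD stores in objectGUID,
    # so no manual byte swapping is needed here.
    return New-Object -TypeName System.Guid -ArgumentList (,$bytes)
}

# Constructed sample data standing in for Get-ADUser -Properties ObjectGUID
# (on-premises) and Get-MsolUser (cloud); no value comes from the original post.
$onPrem = @(
    [pscustomobject]@{ SamAccountName = 'jdoe';   ObjectGUID = [guid]'3f2504e0-4f89-11d3-9a0c-0305e82c3301' }
    [pscustomobject]@{ SamAccountName = 'asmith'; ObjectGUID = [guid]'9b2d7c1a-6e54-4f0b-8a3d-2c1e5f7a9b10' }
)
$cloud = @(
    [pscustomobject]@{ UserPrincipalName = 'jdoe@example.com'
                       ImmutableId = [Convert]::ToBase64String($onPrem[0].ObjectGUID.ToByteArray()) }
    [pscustomobject]@{ UserPrincipalName = 'asmith@example.com'
                       ImmutableId = [Convert]::ToBase64String($onPrem[1].ObjectGUID.ToByteArray()) }
    [pscustomobject]@{ UserPrincipalName = 'cloudonly@example.com'; ImmutableId = $null }
)

# Index the on-premises accounts by GUID, then resolve each cloud object.
$byGuid = @{}
foreach ($u in $onPrem) { $byGuid[$u.ObjectGUID] = $u }

$cloud | ForEach-Object {
    $guid  = ConvertFrom-ImmutableId $_.ImmutableId
    $match = if ($guid) { $byGuid[$guid] }
    [pscustomobject]@{
        UserPrincipalName = $_.UserPrincipalName
        OnPremGuid        = $guid
        SamAccountName    = if ($match) { $match.SamAccountName } else { '<no on-premises match>' }
    }
}
```

Objects that come back without a match are either cloud-only or were synchronized with a non-default anchor, which makes them worth reviewing separately when scripts or permission assignments depend on the join.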