Create Dirsync rule to sync users and change their UPN

(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({ google_ad_client: "ca-pub-4485177434915413", enable_page_level_ads: true });


After installing Dirsync

Open Synchronization rule editor

Select the following

Then select User Common and Click Edit

when you get prompted there to copy a clone of this rule select Yes

First thing to do after cloning the rule is to change it’s precedence as it must not duplicate with the existing one. If you don’t change it u most likely will get an error. I am changing it to 87 to become prior to the all the other rules.

I will go to Transformations (Leaving nothing changed in Scoping and Join rules) .. Scroll to the end until you see “userPrincipalName” value and change it to Trim([mail])

This will change all synced user’s UPN attribute to match their Mail attribute which is usually the Primary SMTP Address.

Save this rule

Now open Synchronization Service Manager and edit which OU you want exactly to sync

Start syncing initial

Start-ADSyncSyncCycle -PolicyType Initial -Verbose

I will check if the user’s UPN on Local AD changed or not (which is supposed to not change since I didn’t add any UPN suffixes or manually did any change to the user on local AD)

As you can see below the user’s UPN didn’t change

(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({});