Create Dirsync rule to sync users and change their UPN

 

After installing Dirsync, open the Synchronization Rules Editor.

Select the following


Then select User Common and click Edit.


When you are prompted to create a clone of this rule, select Yes.


The first thing to do after cloning the rule is to change its precedence, as it must not duplicate that of the existing rule. If you don’t change it, you will most likely get an error. I am changing it to 87 so that it comes before all the other rules.


I will go to Transformations (leaving Scoping and Join rules unchanged). Scroll to the end until you see the “userPrincipalName” attribute and change its value to Trim([mail])

This will change every synced user’s UPN attribute to match their Mail attribute, which is usually the Primary SMTP Address.


Save this rule.

Now open Synchronization Service Manager and choose exactly which OU you want to sync.


Start an initial sync cycle:

Start-ADSyncSyncCycle -PolicyType Initial -Verbose


I will check whether the user’s UPN in local AD changed (it is not supposed to change, since I didn’t add any UPN suffixes or manually change the user in local AD).

As you can see below, the user’s UPN didn’t change.

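Because the cloned rule builds the cloud UPN from Trim([mail]), it is worth checking the mail attribute of the users in the selected OU before the initial sync cycle runs: an empty, malformed or duplicated mail value becomes an empty, malformed or duplicated UPN. The following is an added example, not part of the original post; Test-MailAsUpn is a hypothetical helper name, the sample users are constructed, and the Get-ADUser call shown in the comment assumes the ActiveDirectory module is available.

```powershell
# Added example. Test-MailAsUpn is a hypothetical helper, not a cmdlet from any module.
# It previews the UPN that a userPrincipalName <- Trim([mail]) flow would produce
# and flags values that should be fixed in local AD before the sync cycle runs.
function Test-MailAsUpn {
    param([Parameter(ValueFromPipeline = $true)] $User)
    begin { $rows = @() }
    process {
        # Same normalisation as the rule: strip leading/trailing whitespace.
        $mail = if ($null -ne $User.mail) { ([string]$User.mail).Trim() } else { '' }
        $issue = $null
        if (-not $mail) { $issue = 'mail is empty' }
        elseif ($mail -notmatch '^[^@\s]+@[^@\s]+$') { $issue = 'mail is not user@domain' }
        $rows += [pscustomobject]@{
            Sam    = $User.SamAccountName
            OldUpn = $User.UserPrincipalName
            NewUpn = $mail
            Issue  = $issue
        }
    }
    end {
        # Two users sharing one mail value would end up with the same UPN.
        # Group-Object compares strings case-insensitively by default.
        $dupes = $rows | Where-Object NewUpn | Group-Object NewUpn | Where-Object Count -gt 1
        foreach ($group in $dupes) {
            foreach ($row in $group.Group) {
                if (-not $row.Issue) { $row.Issue = 'duplicate mail value' }
            }
        }
        $rows
    }
}

# Constructed sample users standing in for real directory data. Against a domain, use:
#   Get-ADUser -Filter * -SearchBase '<OU distinguished name>' -Properties mail | Test-MailAsUpn
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; UserPrincipalName = 'alice@corp.local'; mail = ' alice@example.com ' }
    [pscustomobject]@{ SamAccountName = 'bob';   UserPrincipalName = 'bob@corp.local';   mail = $null }
    [pscustomobject]@{ SamAccountName = 'carol'; UserPrincipalName = 'carol@corp.local'; mail = 'Shared@example.com' }
    [pscustomobject]@{ SamAccountName = 'dave';  UserPrincipalName = 'dave@corp.local';  mail = 'shared@example.com' }
    [pscustomobject]@{ SamAccountName = 'erin';  UserPrincipalName = 'erin@corp.local';  mail = 'erin' }
)

$sample | Test-MailAsUpn | Format-Table -AutoSize
```

Rows with an empty Issue column are the users whose UPN will simply become their trimmed mail address; the others should be corrected in local AD first.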
