Office 365: Quick tip to list users with “onmicrosoft.com” UPN due to invalid on premises configuration

Imagine this scenario: You are doing a migration to Office 365 with Microsoft DirSync, but you’re not the one preparing the on premises Active Directory. Someone else is doing that work and is dedicated to the local AD.

You tell them that all users to be activated on Office 365 need to have a vanity domain as their User Principal Name (e.g. yourcompany.com). They prepare the Active Directory, you install and configure DirSync, and you do the initial sync. Now you want to make sure that no user got the username user1@yourcompany.onmicrosoft.com due to an invalid configuration on premises.

Note: If the UPN of the user on premises has a domain that is not validated on Office 365, the username on Office 365 will use the @yourcompany.onmicrosoft.com domain.

What should you do? In those cases, I list all the *onmicrosoft.com usernames, export them into a .csv file, and send it to the Active Directory team for validation. The question should be: “Do any of the listed users need to be activated on Office 365, and therefore need the UPN fixed on premises?”

Building that list is quite simple. First you need to open the Windows Azure Active Directory Module for Windows PowerShell and connect to your tenant by running the following cmdlets:

$msolcred = Get-Credential
Connect-MsolService -Credential $msolcred

See detailed instructions here.

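Once connected, to get a list of all the users with an *onmicrosoft.com username, run the following cmdlet. The -All switch is included because Get-MsolUser returns only the first 500 users by default:

Get-MsolUser -All | Where-Object {$_.UserPrincipalName -like "*.onmicrosoft.com"}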

The output of the cmdlet above should be:

[Screenshot: output of the cmdlet above]

If you want to know the total number of users with the *onmicrosoft.com username, run the following cmdlet:

@(Get-MsolUser -All | Where-Object {$_.UserPrincipalName -like "*.onmicrosoft.com"}).Count

The output of the cmdlet above should be:

[Screenshot: output of the cmdlet above]

Now, to export those users to a .csv file, run the following cmdlet:

Get-MsolUser -All | Where-Object {$_.UserPrincipalName -like "*.onmicrosoft.com"} | Select-Object UserPrincipalName, DisplayName, IsLicensed | Export-Csv C:\Test\UsersWrongUPN.csv -NoTypeInformation

You will get a csv file, like the one shown below:

[Screenshot: the exported .csv file]

In the .csv file you will probably see users like the tenant admin, or service accounts. The tenant admin is a cloud user and doesn’t need to have the username fixed on the on premises Active Directory. The service accounts might also be irrelevant, and to prevent them from showing on Office 365 your solution would be to use OU based filtering on DirSync. See here how.

All you have to do now is send the .csv file to your Active Directory administrators and have them validate the users that need fixing, the users you can/should filter to exclude from being synced to 365, and the users you can ignore and keep with an *onmicrosoft.com username.
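The list can be pre-sorted into those three groups before it goes to the AD team. The following is an added example, not code from the original post: Get-UpnTriage is a hypothetical helper name, the sample users are constructed, and it assumes PowerShell 3.0 or later and that the LastDirSyncTime property of the MSOnline user object is empty for cloud-only accounts.

```powershell
# Added example, not from the original post. Get-UpnTriage is a hypothetical helper.
function Get-UpnTriage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [psobject]$User
    )
    process {
        # Only users that fell back to the tenant's default domain are of interest.
        if ($User.UserPrincipalName -notlike '*.onmicrosoft.com') { return }

        # Assumption: LastDirSyncTime is empty for accounts created directly in the cloud.
        $synced = $null -ne $User.LastDirSyncTime

        $category = if (-not $synced) {
            'CloudOnly'          # e.g. the tenant admin; nothing to fix on premises
        } elseif ($User.IsLicensed) {
            'SyncedLicensed'     # already activated; UPN needs review on premises
        } else {
            'SyncedUnlicensed'   # fix the UPN, or exclude with OU based filtering
        }

        [pscustomobject]@{
            Category          = $category
            UserPrincipalName = $User.UserPrincipalName
            DisplayName       = $User.DisplayName
            IsLicensed        = $User.IsLicensed
            LastDirSyncTime   = $User.LastDirSyncTime
        }
    }
}

# Constructed sample objects standing in for Get-MsolUser output.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'admin@yourcompany.onmicrosoft.com'; DisplayName = 'Tenant Admin'; IsLicensed = $false; LastDirSyncTime = $null }
    [pscustomobject]@{ UserPrincipalName = 'user1@yourcompany.onmicrosoft.com'; DisplayName = 'User One'; IsLicensed = $true; LastDirSyncTime = [datetime]'2016-04-20 09:15' }
    [pscustomobject]@{ UserPrincipalName = 'svc-backup@yourcompany.onmicrosoft.com'; DisplayName = 'Backup Service'; IsLicensed = $false; LastDirSyncTime = [datetime]'2016-04-20 09:15' }
    [pscustomobject]@{ UserPrincipalName = 'user2@yourcompany.com'; DisplayName = 'User Two'; IsLicensed = $true; LastDirSyncTime = [datetime]'2016-04-20 09:15' }
)

$sample | Get-UpnTriage | Sort-Object Category, UserPrincipalName | Format-Table -AutoSize

# Against a connected tenant (same path as in the post):
# Get-MsolUser -All | Get-UpnTriage | Export-Csv C:\Test\UsersWrongUPN.csv -NoTypeInformation
```

The Category column is only a first sort; the Active Directory team still decides which synced accounts get a corrected UPN and which are filtered out.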

Again, this is particularly useful when you’re not the one preparing the Active Directory for your Office 365 deployment.

2 thoughts on “Office 365: Quick tip to list users with “onmicrosoft.com” UPN due to invalid on premises configuration”

  1. John Smith April 27, 2016 / 4:30 pm

    Does not work, in any version. I edited every machine.config file for each version showing, still getting the exact same error. It would be nice to actually get this to work, but no dice.

    • AMVargas April 27, 2016 / 4:51 pm

      What error are you getting John? Can you provide more details?
