DirSync Error Resolution Part 3 – Invalid User Principal Name | Quisitive
Solutions
Integration & Consulting
Help you move, operate, innnovate and thrive within the Microsoft clouds.
Application Development
Data & Analytics
Artificial Intelligence (AI)
Business Applications
Security
Digital Workplace
Infrastructure
Product Development
Technology
Explore the full list of technologies that our expert consultants can support.
Azure
Microsoft Teams
Microsoft 365
Power Platform
Dynamics 365
Power BI
Microsoft Copilot
Power Apps
Azure OpenAI
Sharepoint
Microsoft Fabric
Microsoft Sentinel
Azure Synapse
Windows
SQL Server
ERP Technologies
System Center
Microsoft Viva
Azure Virtual Desktop
Business Needs
Departmental solutions to ensure cloud and technology enablement across every area of your business.
Sales & Marketing
Operations
Human Resources
Finance & Accounting
Customer Service
Localization Services
Help you translate software so you can capture new business worldwide.
Language Engineering & NLP
Translations & Localization
Licensing
Experts in Microsoft cloud licensing and optimizing costs for your business.
Products
EmPerform
Provide people managers with flexible employee performance management software.
PowerGov
Engage citizens with a community development app for city maintenance and management.
MazikCare
Embrace patient-centered, collaborative care with our suite of real-time health solutions.
Care Path
Care Provider Link
Care Supply
Payer Matrix
Data Fusion
AMS
Deliver on your cloud strategy with a team that continuously monitors, improves, and optimizes your Azure environment.
ShopFloor
Empower production managers with cutting-edge manufacturing process management.
Spyglass®
Take a proactive, continuous approach to optimizing your security environment and strategy.
Velocity Insights
Monitor, analyze, and prioritize .NET, JavaScript or Node JS errors – all on one dashboard.
Managed Services
Azure Management Services
Deliver on your cloud strategy with a team that continuously monitors, improves, and optimizes your Azure environment.
Data & Analytics Program
Operational support for running, monitoring and managing services for the Azure Data Platform.
AI Managed Services
Support for your AI technologies & ongoing strategic coaching to take your AI initiatives to the next level.
Dynamics Program
Ensure the health of your Dynamics environments, optimize usage and encourage user adoption.
Security Program
Take a proactive, continuous approach to optimizing your security environment and strategy.
App Dev Program
Ongoing enhancements, app security, DevOps and reporting for apps running in Azure.
Power Platform Program
Get an extension of your team that ensures the health of your Power Platform.
Quisitive Flex
Routine support services and environment management for critical Microsoft systems
Digital Workplace Program
Optimize Microsoft 365 security, usage and user adoption with our digital workplace experts.
Industries
Manufacturing
Education
Public Sector
Financial Services
Healthcare
Energy
Retail
Software
Resources
Blogs
Case Studies
Library
Learning Channels
Events
News
About
Investors
Leadership
Microsoft
Our Approach
Our Partners
Our Story
Awards & Recognition
Careers
Support
Contact us
Solutions
Back
Solutions
Integration & Consulting
Application Development
Data & Analytics
Artificial Intelligence (AI)
Business Applications
Security
Digital Workplace
Infrastructure
Product Development
Technology
Azure OpenAI
Microsoft Copilot
Microsoft Fabric
Azure
Azure Synapse
Azure Virtual Desktop
System Center
SQL Server
Microsoft Sentinel
Microsoft 365
Sharepoint
Microsoft Teams
Microsoft Viva
Windows
Power Platform
Power BI
Power Apps
Dynamics 365
ERP Technologies
Business Needs
Sales & Marketing
Operations
Human Resources
Finance & Accounting
Customer Service
Localization Services
Language Engineering & NLP
Translations & Localization
Licensing
Products
Back
Products
EmPerform
MazikCare
Care Path
Care Provider Link
Care Supply
Payer Matrix
Data Fusion
ShopFloor
Velocity Insights
PowerGov
AMS
Spyglass®
Managed Services
Back
Managed Services
Azure Management Services
AI Managed Services
Security Program
Power Platform Program
Digital Workplace Program
Data & Analytics Program
Dynamics Program
App Dev Program
Quisitive Flex
Industries
Back
Industries
Manufacturing
Healthcare
Education
Energy
Public Sector
Retail
Financial Services
Software
Resources
Back
Resources
Blogs
Events
Case Studies
News
Library
Learning Channels
Investors
Back
Investors
Financial Reports & Results
Investor News
Earning calls
Contact
Contact us
About
Back
About
Our Story
Investors
Microsoft
Leadership
Our Partners
Awards & Recognition
Our Approach
Careers
Support
Search
Back
Terms of use
Privacy policy
A young man works at his desk, making sure the coding for his clients Azure Data Platform is looking set up for their needs
DirSync Error Resolution Part 3 – Invalid User Principal Name
September 30, 2013
Quisitive
Here's how to fix Invalid User Principal Name error.

The next type of DirSync errors generated by the organization in Part 1 were objects with invalid User Principal Names. Using some of the error messages sent in the Directory Synchronization error report email, I will examine why these errors occurred and how we fixed them.

Blank User Principal Name

[email protected]Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [UserPrincipalName [email protected];]. Correct or remove the duplicate values in your local directory. Please refer to http://support.microsoft.com/kb/2647098 for more information on identifying objects with duplicate attribute values.

Although the error states the UPN was a duplicate, I included it with the Invalid UPNs rather than the duplicate values in Part 2 because of the reason the UPNs were duplicated. The ASPNET accounts had blank UPNs, thus when they were replicated they were each given the default UPN suffix of @contoso.onmicrosoft.com. Blank User Principal Names or missing UPN suffixes can occur when the account was created by a program, through software installations, a script or other user provisioning system outside of Active Directory Users and Computers. ADUC will include the AD domain name as the UPN suffix by default, while other account creation methods may leave the UPN or suffix blank. Changing the UPN to match the Primary SMTP Address will fix these problems unless, like these accounts, they do not have a mailbox. The ASPNET account was present in the parent and all child domains, causing multiple dirsync errors but only one error message in the error report.

Resolution:

  1. Update the account UPNs in each domain with a federated domain as the UPN suffix.
  2. Dirsync will update the objects at the next synchronization cycle.

Change UPN to Different Federated Domain

[email protected]Unable to update this object in Windows Azure Active Directory, because the attribute [FederatedUser.UserPrincipalName], is not valid. Update the value in your local directory services.

Bob moved from an office in Iowa to an office in Ohio. His primary SMTP address was changed from @ContosoMW.com to @ContosoOhio.com to reflect his new location and his UPN was changed to match. It is not possible to change from one federated domain to another just by updating the UPN on the on-premise account. The user object must be updated in the portal when the UPN suffix changes between federated domains.

Resolution:

  1. Launch the Azure AD PowerShell Module from an admin workstation.
  2. Run the Connect-msolservice cmdlet from the PowerShell window.
  3. Log in with an Office 365 account that has rights to manage users.
  4. Change the cloud UPN from the old federated domain to the default domain on Office 365.
  5. This change requires 2 Dirsync cycles to replicate the changes in both directions.
  6. The Cloud Account will be updated with the correct on-prem UPN when the dirsync cycles complete.

Invalid Characters in User Principal Name

CHI-PTO/[email protected]Unable to update this object in Windows Azure Active Directory, because the attribute [Username], is not valid. Update the value in your local directory services.
Tech [email protected]Unable to update this object in Windows Azure Active Directory, because the attribute [Username], is not valid. Update the value in your local directory services.

Both of these accounts have invalid characters in their User Principal Names. These errors are discovered during the initial readiness assessment or roadmap when AD is examined for accounts that will cause directory synchronization errors. However, these accounts were created after the assessments were run at the beginning of the project so they showed up in the dirsync error report. Changing the UPN to match the primary SMTP address would have resolved these errors.

Resolution:

  1. Remove the / from UPN, Display Name, alias, and first name in the Vacation Calendar shared mailbox user account.
  2. Remove the space from the Tech Use UPN.
  3. Dirsync will update the objects at the next synchronization cycle.

The majority of Invalid UPN errors can be resolved by changing the UPN to match the email address. Accounts that lacked email addresses or moved between federated domains required manual intervention, but the resolution is still straightforward. In Part 4 I will examine the strange errors that do not fit in the other two dirsync error categories.

Edit – In an earlier version I used the word internvention instead of intervention. Neither the standard Office dictionary nor my editor consider internvention a real word, however I believe it should be.

In-tern-ven-tion. Noun. The act or fact of assigning the repetitive menial tasks required to solve a problem to an unpaid subordinate.

Manually editing UPNs to fix dirsync errors is a prime example of a task that requires an internvention. English is a living language. If enough people start using it, we can make internvention a real word.

Related posts
|
Read more
Austin Empowering Governments with Azure and AI Apps Event Feature Image
Uncategorized | 3 Oct
Register Now: Empowering State & Local Government with Azure and AI Apps
Read more
Dallas AI Innovation Lab Event Feature Image
Uncategorized | 18 Sep
Register Now: Dallas AI Innovation Lab
Read more
General Quisitive gradient background
Uncategorized | 19 Jul
How to Recover from the Recent CrowdStrike Outage
Read more