Office 365 Unable to update object in Azure Active Directory

In this case there was an O365 tenant with multiple federated domains. After the UPN suffix was changed for several users in the on-premises domain, the changes were not replicated to Azure AD. The following error was generated:

Unable to update this object in Azure Active Directory, because the attribute [FederatedUser.UserPrincipalName], is not valid. Update the value in your local directory services.

Microsoft has published a support article with two workarounds at https://support.microsoft.com/en-us/help/2669550/changes-aren-t-synced-by-the-azure-active-directory-sync-tool-after-yo .
In previous cases, running Set-AzureADUser -ObjectId [DefaultDomainUPN] -UserPrincipalName [NewUPN] was sufficient to resolve the Azure AD synchronization issues. Unfortunately, in this case the cmdlet returned the following error:

Set-AzureADUser : Error occurred while executing SetUser
Code: Request_BadRequest
Message: Property passwordProfile.password value is required but is empty or missing.Details: PropertyName  - passwordProfile.password, PropertyErrorCode  - PropertyRequired
HttpStatusCode: BadRequest
HttpStatusDescription: Bad Request
HttpResponseStatus: Completed

"Property passwordProfile.password value is required but is empty or missing" for a federated user, with ADFS configured and functional?

Anyway, to resolve the issue, I created a new Microsoft.Open.AzureAD.Model.PasswordProfile object and set its "Password" and "ForceChangePasswordNextLogin" properties. Here is the PowerShell:

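# Placeholder password from the original post; use a unique, randomly generated value per user instead of a shared literal
$AADPP = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$AADPP.Password = 'strongP@ssw0rd1!'
# Use the boolean $false: the string "False" is non-empty, so PowerShell converts it to $true
$AADPP.ForceChangePasswordNextLogin = $false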

Now I was able to execute Set-AzureADUser with the following syntax:

Set-AzureADUser -ObjectId [oldDomUPN] -UserPrincipalName [tenant.onmicrosoft.com] -PasswordProfile $AADPP
Set-AzureADUser -ObjectId [tenant.onmicrosoft.com] -UserPrincipalName [NewDomainUPN]

After successful execution of the above cmdlets, the Azure AD synchronization issues were resolved.
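
The two-step rename above, wrapped as a function that generates a fresh random password for each user instead of reusing one literal. This is an added example, not the author's script; the function names, parameter names and sample addresses are hypothetical, and it assumes the AzureAD module with an existing Connect-AzureAD session.

```powershell
# Added example (not from the original post). Assumes: Import-Module AzureAD and
# Connect-AzureAD have already been run. Function and parameter names are hypothetical.
function New-ThrowawayPasswordProfile {
    # 24 bytes from the OS CSPRNG, Base64-encoded (32 chars), plus a fixed suffix so
    # upper/lower/digit/symbol complexity is met whatever the random draw contains.
    $bytes = New-Object byte[] 24
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    $pp = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
    $pp.Password = [Convert]::ToBase64String($bytes) + 'aA1!'
    $pp.ForceChangePasswordNextLogin = $false   # boolean, not the string "False"
    return $pp
}

function Move-FederatedUpn {
    param(
        [Parameter(Mandatory)] [string] $CurrentUpn,    # UPN Azure AD currently holds
        [Parameter(Mandatory)] [string] $NewUpn,        # UPN already set on-premises
        [Parameter(Mandatory)] [string] $InitialDomain  # the tenant's onmicrosoft.com domain
    )
    $user = Get-AzureADUser -ObjectId $CurrentUpn -ErrorAction Stop
    $tempUpn = '{0}@{1}' -f ($CurrentUpn -split '@')[0], $InitialDomain

    # Step 1: move to the initial domain. This is the call that required a
    # passwordProfile in the post. The generated password is never stored or shown.
    Set-AzureADUser -ObjectId $user.ObjectId -UserPrincipalName $tempUpn `
        -PasswordProfile (New-ThrowawayPasswordProfile) -ErrorAction Stop

    # Step 2: move to the new federated suffix. The GUID ObjectId survives the rename.
    Set-AzureADUser -ObjectId $user.ObjectId -UserPrincipalName $NewUpn -ErrorAction Stop

    Get-AzureADUser -ObjectId $user.ObjectId | Select-Object ObjectId, UserPrincipalName
}

# Usage with constructed sample addresses:
# Move-FederatedUpn -CurrentUpn 'jdoe@old.example' -NewUpn 'jdoe@new.example' -InitialDomain 'tenant.onmicrosoft.com'
```

Because each call stops on the first error, a failure in step 1 leaves the user on the original UPN, and a failure in step 2 leaves the user on the onmicrosoft.com UPN where the second call can be retried.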
