Question
How can I change a user's UPN (Microsoft ID) in Access Control?
Answer
The procedure varies depending on your deployment configuration and account synchronization method. Please refer to the following instructions.
Notes
- If you are unsure about your synchronization configuration, please contact HENNGE One Technical Support and attach the config.ini file for HENNGE One Directory Sync.
  The typical path for the HENNGE One Directory Sync settings file is as follows: C:\Program Files\HDE One Directory Sync\config.ini
- The User Name of a user created in Access Control cannot be changed.
  If you need to change the User Name, you must delete the user and recreate it with the new User Name.
If synchronizing from Active Directory to Entra ID (manual user creation is not required)
- Stop the HENNGE One Directory Sync service (for automatic execution only).
- Change the [User Logon Name] (UPN) in Active Directory.
  In a standard configuration, "attr_upn=userPrincipalName" is specified in the config.ini file.
  If your configuration differs, please contact HENNGE One Technical Support.
- Start the HENNGE One Directory Sync service (for automatic execution only).
  The target user's UPN will be updated to the new UPN.
* If "UPN" is used as the key to identify user accounts between Active Directory and Access Control (i.e., "key=UserPrincipalName" is specified in the config.ini file), the synchronization process will automatically delete the account with the old UPN and create a new account with the new UPN.
As a result, you will need to reconfigure features linked to the user, such as OTP, device certificates, and Secure Browser.
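
A pre-change check for the note above, as an added example that is not HENNGE's code: it reads config.ini and reports whether "key=UserPrincipalName" is set, in which case a UPN change deletes and recreates the account. It assumes config.ini holds plain name=value lines; the function names are hypothetical.

```powershell
# Added example, not HENNGE code. Assumes config.ini holds plain name=value lines.
param(
    # Typical path from this article; pass -Path if your installation differs.
    [string]$Path = 'C:\Program Files\HDE One Directory Sync\config.ini'
)

function Get-SyncSetting {            # hypothetical helper
    param([string[]]$Lines, [string]$Name)
    foreach ($line in $Lines) {
        $t = $line.Trim()
        # Skip blanks, comments and [section] headers (assumed INI conventions).
        if ($t -eq '' -or $t -match '^[;#\[]') { continue }
        $parts = $t -split '=', 2
        if ($parts.Count -eq 2 -and $parts[0].Trim() -ieq $Name) {
            return $parts[1].Trim().Trim('"')
        }
    }
    return $null
}

function Test-UpnChangeImpact {       # hypothetical helper
    param([string[]]$Lines)
    $key  = Get-SyncSetting -Lines $Lines -Name 'key'
    $attr = Get-SyncSetting -Lines $Lines -Name 'attr_upn'
    [pscustomobject]@{
        Key                = $key
        AttrUpn            = $attr
        StandardUpnMapping = ($attr -ieq 'userPrincipalName')
        RecreatesAccount   = ($key -ieq 'UserPrincipalName')
    }
}

if (Test-Path -LiteralPath $Path) {
    $lines = Get-Content -LiteralPath $Path
} else {
    # Constructed sample, used only when the file is absent on this machine.
    $lines = @('attr_upn=userPrincipalName', 'key=UserPrincipalName')
}

$result = Test-UpnChangeImpact -Lines $lines
$result | Format-List
if (-not $result.StandardUpnMapping) {
    Write-Warning 'attr_upn is not userPrincipalName: contact HENNGE One Technical Support before changing the UPN.'
}
if ($result.RecreatesAccount) {
    Write-Warning 'key=UserPrincipalName: the sync will delete the old-UPN account and create a new one; plan to reconfigure OTP, device certificates and Secure Browser.'
}
```
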
If synchronizing from Access Control to Microsoft Entra ID
- From [Users] - [User List], click the target user.
- Change the "UserPrincipalName (UPN)" field to the desired UPN, then click "Save Changes".
- Depending on the synchronization status of the source and destination domains, follow the appropriate procedure below.
  * If synchronization fails, please refer to the following article for troubleshooting steps.
  [Access Control] View Sync Log
If periodic sync is enabled for both the source and destination domains
No action is required.
The user information in Microsoft 365 will be updated at the next periodic sync.
If you want to change the domain immediately, run a sync from [Sync Now] in either domain.
If periodic sync is enabled for either the source or destination domain
- Run a Dry Run in the domain where periodic sync is "Disabled".
  You can download the Dry Run results from [View Audit Log].
- If the Dry Run results are as expected, run "Sync Now" in the same domain.
- After reviewing the notes, check the checkbox and click [Sync Data].
* If synchronization fails, please refer to the following article for troubleshooting steps.
[Access Control] View Sync Log
If periodic sync is disabled for both the source and destination domains
- Select either the source or destination domain and enable periodic sync.
  [Access Control] User Sync Settings (Access Control → Microsoft 365)
  * To prevent unexpected user synchronization, be sure to perform a [Dry Run] as described in step 8 above.
- Once periodic sync is enabled for one side, follow the steps in "If periodic sync is enabled for either the source or destination domain".