Question
How can I change a user's Microsoft 365 UPN (Microsoft 365 ID) in Access Control?
Answer
The procedure for changing it varies depending on the configuration of the introduction and the method of account synchronization, so please refer to the following.
Notes
If you are unsure about the synchronization configuration, we will check it for you, so please send the HENNGE One Directory Sync module settings file to HENNGE One Technical Support.
The path to the HENNGE One Directory Sync settings file is as follows.
C:¥Program Files¥HDE One Directory Sync¥config.ini
When synchronizing from Active Directory to Entra ID ※ User recreation does not occur
1. Stop the HENNGE One Directory Sync module service (only for automatic execution)
2. Change the [User logon name] (UPN) in Active Directory
In the standard configuration, "attr_upn=userPrincipalName" is written in the config.ini file.
If not, please consult the HENNGE Customer Success Guide.
3. Start the HENNGE One Directory Sync module service (only for automatic execution)
If the key to identify user accounts in the internal Active Directory and Access Control is "UPN" (if key=UserPrincipalName is written in the config.ini file), the account with the old UPN will be automatically deleted and an account with the new UPN will be automatically created through the synchronization process.
When synchronizing from Access Control to Microsoft Entra ID ※ User recreation on the HENNGE side occurs
1. Check the execution time of the user's periodic sync.
User periodic sync is performed once every hour, so please check the execution time in advance.
Check the Sync Logs (Modern View)
2. If there is a possibility that the work will not be completed by the next periodic sync, please refer to the following article to stop the periodic sync.
If it is expected that the work will be completed by the next sync, proceed to step 3.
※ If periodic sync is performed during work, unintended user deletion or creation may occur.
Stop Periodic Sync with Access Control Microsoft Entra ID
3. Change the Microsoft 365 ID (UPN) from the Microsoft 365 admin screen.
If you change the UPN with a PowerShell command, please check the help center below.
Change UPN of Non-User Objects to onmicrosoft.com Domain
4. Delete the user account with the old Microsoft 365 ID (UPN) in Access Control.
5. Create a user account with the new Microsoft 365 ID (UPN) in Access Control.
Access Control Admin Help
6. Wait for the periodic execution of user sync, or perform a manual execution.
Please wait for the next periodic sync or perform a manual sync.
If performing a manual sync, please refer to the following procedure.
User Sync Settings with Access Control Microsoft Entra ID
If performing a manual sync with periodic sync settings enabled, please refer to the following procedure.
User Sync Settings with Access Control Microsoft Entra ID (when periodic sync is enabled)
7. If periodic sync was stopped, re-enable the periodic sync settings.
For details, please refer to the following article.
User Sync Settings with Access Control Microsoft Entra ID
If you are using multiple domains and there are domains with periodic sync enabled, please refer to the following procedure.
User Sync Settings with Access Control Microsoft Entra ID (when periodic sync is enabled)