Article ID: 2492140 - View products that this article applies to.
Expand all | Collapse all

PROBLEM

You create a new user in the Office 365 Admin Center in Office 365. However, when you try to assign a federated domain to the new user, the federated domain isn't listed in the user's list of domains. 

The following is an example scenario of what happens when you experience this issue:
  • In the Office 365 portal, single sign-on (SSO) and Active Directory synchronization are enabled.
  • When you view the properties of the domain on the domain properties page, the domain type is listed as Federated or Single sign-on. For example, adatum.com is the federated domain.
  • When you create a new user, you see that the default domain that's provided by Office 365 is listed as the first option in the drop-down box. For example, the default domain is contoso.onmicrosoft.com.
  • When you click the drop-down box to view the list of domains, the federated domain isn't listed. For example, adatum.com isn't listed.

CAUSE

This behavior is by design in Office 365. You can't create federated users through the portal. All federated users must be created on-premises and must be synced by using the Microsoft Azure Active Directory Sync Tool . 

SOLUTION

To work around this behavior, create a matching user account in the on-premises Active Directory Domain Services (AD DS) environment, set up the user principal name (UPN) appropriately, and then sync the account and Azure Active Directory by using directory synchronization. To do this, follow these steps:
  1. Obtain the primary SMTP address of the Office 365 user account. To do this, follow these steps:
    1. Sign in to the Office 365 portal (https://portal.office.com) as a global admin.
    2. Click Admin, and then click Exchange to open Exchange Admin Center.
    3. Locate the user account, and then double-click it.
    4. In the left navigation pane, click Email Address, and then note the primary SMTP address of the user account.
  2. Start Active Directory Users and Computers, and then create a user account in the on-premises domain that matches the Office 365 user account. For more information about how to do this, go to the following Microsoft TechNet website:
    Create a User Account in Active Directory Users and Computers
  3. Make sure that the UPN of the user account is updated to the federated domain name. For more information about how to do this, see the following Microsoft Knowledge Base article:
    2392130 Troubleshoot Active Directory user accounts that are piloted as Office 365 SSO-enabled user IDs
  4. Use Active Directory Service Interfaces (ADSI) Edit to edit the proxyAddresses attribute of the user object so that it matches the primary SMTP address that you noted in step 1D. To do this, follow these steps:

    Note For more information about how to install ADSI Edit, go to the following Microsoft website: 
    Installing ADSI Edit

    1. Click Start, click Run, type ADSIEdit.msc, and then click OK.
    2. Right-click ADSI Edit, select Connect to, and then click OK to load the domain partition.
    3. In the navigation pane, locate the user object that you want to change, right-click it, and then click Properties.
    4. In the Attributes list, click the proxyAddresses attribute, and then click Edit.
    5. In the Value to add field, enter the appropriate SMTP address, and then click Add.

      Note The primary SMTP address value for the user object should be prepended by an uppercase "SMTP:" designator for the address value to be formatted correctly for the proxyAddresses attribute. For example, "SMTP:username@contoso.com" is an acceptable value, and "username@contoso.com" isn't an acceptable value.
    6. Click OK two times, and then exit ADSI Edit.

    For more information about how to use ADSI Edit to edit Active Directory attributes, go to the following Microsoft TechNet website:
    Using ADSI Edit
  5. Force directory synchronization. For more information about how to do this, go to the following Microsoft website:
    Force directory synchronization

MORE INFORMATION

For more information, see the following Microsoft Knowledge Base article:

2392130 Troubleshoot user name issues that occur for federated users when they sign in to Office 365, Azure, or Windows Intune 

Still need help? Go to the Office 365 Community website.

Properties

Article ID: 2492140 - Last Review: July 13, 2014 - Revision: 41.0
Applies to
  • Microsoft Office 365
  • Office 365 Identity Management
Keywords: 
o365 o365a o365e o365022013 o365m KB2492140

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com