You create a new user in the Office 365 portal in Microsoft Office 365. However, when you try to assign a federated domain to the new user, the federated domain isn't listed in the user's list of domains.
The following is an example scenario of what happens when you experience this issue:
In the Office 365 portal, single sign-on (SSO) and Active Directory synchronization are enabled.
When you view the properties of the domain on the domain properties page, the domain type is listed as Federated or Single sign-on. For example, adatum.com is the federated domain.
When you create a new user, you see that the default domain that's provided by Office 365 is listed as the first option in the drop-down box. For example, the default domain is contoso.onmicrosoft.com.
When you click the drop-down box to view the list of domains, the federated domain isn't listed. For example, adatum.com isn't listed.
This behavior is by design in Office 365. You can't create federated users through the portal. All federated users must be created on-premises and must be synced by using the Windows Azure Active Directory Sync Tool .
To work around this behavior, create a matching user account in the on-premises Active Directory Domain Services (AD DS) environment, set up the user principal name (UPN) appropriately, and then sync the account and Windows Azure Active Directory by using directory synchronization. To do this, follow these steps:
Obtain the primary SMTP address of the Office 365 user account. To do this, follow these steps:
In Office 365, click Admin, and then click Exchange to open Exchange Admin Center.
In Office 365 pre-upgrade, click Admin, and then, under Exchange Online, click Manage to open Exchange Control Panel.
Locate the user account, and then double-click it.
Take one of the following actions:
In Office 365, in the left navigation pane, click Email Address, and then note the primary SMTP address of the user account.
In Office 365 pre-upgrade, expand Email Options, and then note the primary SMTP address of the user account.
Start Active Directory Users and Computers, and then create a user account in the on-premises domain that matches the Office 365 user account. For more information about how to do this, go to the following Microsoft TechNet website:
Make sure that the UPN of the user account is updated to the federated domain name. For more information about how to do this, see the following Microsoft Knowledge Base article:
Troubleshoot Active Directory user accounts that are piloted as Office 365 SSO-enabled user IDs
Use Active Directory Service Interfaces (ADSI) Edit to edit the proxyAddresses attribute of the user object so that it matches the primary SMTP address that you noted in step 1D. To do this, follow these steps:
Click Start, click Run, type ADSIEdit.msc, and then click OK.
Right-click ADSI Edit, select Connect to, and then click OK to load the domain partition.
In the navigation pane, locate the user object that you want to change, right-click it, and then click Properties.
In the Attributes list, click the proxyAddresses attribute, and then click Edit.
In the Value to add field, enter the appropriate SMTP address, and then click Add.
Note The primary SMTP address value for the user object should be prepended by an uppercase "SMTP:" designator for the address value to be formatted correctly for the proxyAddresses attribute. For example, "SMTP:username@contoso.com" is an acceptable value, and "username@contoso.com" isn't an acceptable value.
Click OK two times, and then exit ADSI Edit.
Note ADSI Edit is included with the Windows Server 2003 Support Tools. The Windows Server 2003 Support Tools are available on the product disc. Also, you can obtain the tool from the Microsoft Download Center by going to the following Microsoft website:
Back to the top
