Article ID: 2492140

Not sure what release of Office 365 you're using? Go to the following Microsoft website:
Am I using Office 365 after the service upgrade?

PROBLEM

You create a new user in the Office 365 portal in Microsoft Office 365. However, when you try to assign a federated domain to the new user, the federated domain isn't listed in the user's list of domains.

The following is an example scenario of what happens when you experience this issue:
  • In the Office 365 portal, single sign-on (SSO) and Active Directory synchronization are enabled.
  • When you view the properties of the domain on the domain properties page, the domain type is listed as Federated or Single sign-on. For example, adatum.com is the federated domain.
  • When you create a new user, you see that the default domain that's provided by Office 365 is listed as the first option in the drop-down box. For example, the default domain is contoso.onmicrosoft.com.
  • When you click the drop-down box to view the list of domains, the federated domain isn't listed. For example, adatum.com isn't listed.

CAUSE

This behavior is by design in Office 365. You can't create federated users through the portal. All federated users must be created on-premises and must be synced by using the Windows Azure Active Directory Sync Tool.

SOLUTION

To work around this behavior, create a matching user account in the on-premises Active Directory Domain Services (AD DS) environment, set up the user principal name (UPN) appropriately, and then sync the account with Windows Azure Active Directory by using directory synchronization. To do this, follow these steps:
  1. Obtain the primary SMTP address of the Office 365 user account. To do this, follow these steps:
    1. Sign in to the Office 365 portal (https://portal.microsoftonline.com) as a global admin.
    2. Take one of the following actions:
      • In Office 365, click Admin, and then click Exchange to open Exchange Admin Center.
      • In Office 365 pre-upgrade, click Admin, and then, under Exchange Online, click Manage to open Exchange Control Panel.
    3. Locate the user account, and then double-click it.
    4. Take one of the following actions:
      • In Office 365, in the left navigation pane, click Email Address, and then note the primary SMTP address of the user account.
      • In Office 365 pre-upgrade, expand Email Options, and then note the primary SMTP address of the user account.
  2. Start Active Directory Users and Computers, and then create a user account in the on-premises domain that matches the Office 365 user account. For more information about how to do this, go to the following Microsoft TechNet website:
    Create a User Account in Active Directory Users and Computers
  3. Make sure that the UPN of the user account is updated to the federated domain name. For more information about how to do this, see the following Microsoft Knowledge Base article:
    2392130 Troubleshoot Active Directory user accounts that are piloted as Office 365 SSO-enabled user IDs
  4. Use Active Directory Service Interfaces (ADSI) Edit to edit the proxyAddresses attribute of the user object so that it matches the primary SMTP address that you noted in step 1, substep 4. To do this, follow these steps:
    1. Click Start, click Run, type ADSIEdit.msc, and then click OK.
    2. Right-click ADSI Edit, select Connect to, and then click OK to load the domain partition.
    3. In the navigation pane, locate the user object that you want to change, right-click it, and then click Properties.
    4. In the Attributes list, click the proxyAddresses attribute, and then click Edit.
    5. In the Value to add field, enter the appropriate SMTP address, and then click Add.

      Note: The primary SMTP address value for the user object must be prefixed with an uppercase "SMTP:" designator for the address value to be formatted correctly for the proxyAddresses attribute. For example, "SMTP:username@contoso.com" is an acceptable value, and "username@contoso.com" isn't an acceptable value.
    6. Click OK two times, and then exit ADSI Edit.

      Note ADSI Edit is included with the Windows Server 2003 Support Tools. The Windows Server 2003 Support Tools are available on the product disc. Also, you can obtain the tool from the Microsoft Download Center by going to the following Microsoft website:

      Windows Server 2003 Service Pack 2 32-bit Support Tools

    For more information about how to use ADSI Edit to edit Active Directory attributes, go to the following Microsoft TechNet website:
    Using ADSI Edit to edit Active Directory attributes
  5. Force directory synchronization. For more information about how to do this, go to the following Microsoft website:
    Force directory synchronization
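
Steps 2 through 4 can also be scripted and checked before synchronization is forced. The following PowerShell is an added example, not part of the original article; it assumes the ActiveDirectory module is installed, and the account name `jdoe`, the display name and the SMTP address are constructed placeholders.

```powershell
# Added example: steps 2-4 scripted with the ActiveDirectory module.
# Every value below is a constructed placeholder.
Import-Module ActiveDirectory

$FederatedDomain = 'adatum.com'        # federated domain from the article's scenario
$SamAccountName  = 'jdoe'              # constructed sample account
$DisplayName     = 'Jane Doe'          # constructed
$PrimarySmtp     = 'jdoe@adatum.com'   # primary SMTP address noted in step 1 (constructed)
$Upn             = "$SamAccountName@$FederatedDomain"
$ProxyValue      = "SMTP:$PrimarySmtp" # uppercase designator, as the note in step 4 requires

# Step 2: create the matching on-premises account if it does not exist yet.
$user = Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'" -Properties proxyAddresses
if (-not $user) {
    $password = Read-Host -AsSecureString -Prompt 'Initial password'
    New-ADUser -Name $DisplayName -SamAccountName $SamAccountName `
        -UserPrincipalName $Upn -AccountPassword $password -Enabled $true
    $user = Get-ADUser -Identity $SamAccountName -Properties proxyAddresses
}

# Step 3: the UPN suffix must be the federated domain.
if ($user.UserPrincipalName -ne $Upn) {
    Set-ADUser -Identity $user -UserPrincipalName $Upn
}

# Step 4: store the address with the uppercase "SMTP:" prefix.
# A copy that differs only in case (for example "smtp:") is removed first,
# because the directory compares these values case-insensitively.
$existing = @($user.proxyAddresses)
$wrongCase = @($existing | Where-Object { $_ -ieq $ProxyValue -and $_ -cne $ProxyValue })
if ($wrongCase) { Set-ADUser -Identity $user -Remove @{ proxyAddresses = $wrongCase } }
if ($existing -cnotcontains $ProxyValue) {
    Set-ADUser -Identity $user -Add @{ proxyAddresses = $ProxyValue }
}

# Verify before forcing directory synchronization (step 5).
$check = Get-ADUser -Identity $SamAccountName -Properties proxyAddresses
$primary = @($check.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' })
if ($check.UserPrincipalName -notlike "*@$FederatedDomain") {
    Write-Warning "UPN '$($check.UserPrincipalName)' is not in $FederatedDomain"
}
if ($primary.Count -ne 1 -or $primary[0] -cne $ProxyValue) {
    Write-Warning "Expected exactly one uppercase SMTP: value, found: $($primary -join ', ')"
}
```

The script stops before step 5; a run that prints no warnings means the UPN and proxyAddresses values are in the form the article describes.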

MORE INFORMATION

For more information, see the following Microsoft Knowledge Base article:

2392130 Troubleshoot user name issues that occur for federated users when they sign in to Office 365, Windows Azure, or Windows Intune

Still need help? Go to the Office 365 Community website.

Properties

Article ID: 2492140 - Last Review: October 23, 2013 - Revision: 38.0
Applies to
  • Microsoft Office 365 for enterprises (pre-upgrade)
  • Microsoft Office 365 for education (pre-upgrade)
  • Microsoft Office 365
Keywords: 
o365 o365a o365e o365022013 after upgrade o365062011 pre-upgrade o365m KB2492140
