Number added to user names and email addresses when users are synced to Azure AD

PROBLEM
When users are synced to Azure Active Directory (Azure AD), a number is added to their user principal name (UPN) and SMTP proxy address. For example: john1234@contoso.onmicrosoft.com. 

Note When users are created in Azure AD, their user principal name (UPN) will also be used as one of the SMTP proxy addresses. Therefore, the SMTP proxy address will also contain the number. 

Additionally, you may see one of the following messages:

  • In the Office 365 portal:
    There is an error on one or more user accounts. To see which users are affected and the detailed error message, select the "users with errors" view, and then click the user’s display name.
    [DIRSYNC ERROR]: This User has been synced to your Azure Active Directory, but we had to modify the UserPrincipalName property from john@contoso.com to john1234@contoso.onmicrosoft.com because an existing user, john@contoso.com, was already created with this value.john@contoso.com to john1234@contoso.onmicrosoft.com because an existing user, john@contoso.com, was already created with this value.
  • From an email report:
    This object has been updated in your Azure Active Directory, but with some modified properties, because the following attributes are associated with another object [ProxyAddresses SMTP:john@contoso.com;].
    This object has been updated in your Azure Active Directory, but with some modified properties, because the following attributes are associated with another object [UserPrincipalName john@contoso.com;].
This issue occurs if another object has the same UPN. 
SOLUTION
To resolve this issue, find the users who have duplicate UPNs, and then change the UPNs so that they are unique. To do this, follow these steps.

Step 1: Check your local directory

Use the IdFix DirSync Error Remediation Tool to identify duplicate or invalid attributes.

To resolve duplicate attributes by using the IdFix Tool, see the following Microsoft Knowledge Base article:
2857385 "Duplicate" is displayed in the ERROR column for two or more objects after you run the IdFix tool
For more information about the IdFix tool, go to IdFix DirSync Error Remediation Tool.

Step 2: Check Azure AD

You can use the Office 365 portal or the Azure Active Directory Module for Windows PowerShell to check Azure AD for duplicate attributes.

Method 1: Use the Office 365 portal


  1. Sign in to the Office 365 portal (https://portal.office.com) as an administrator.
  2. In the Office 365 admin center, go to Users, and then click Active users.

    A warning at the top of the page is displayed if there are duplicate attribute conflicts on any object in your organization. 
  3. Click an object to view details about the conflict. This information is displayed in the lower-right corner of the page.
  4. Change the user name so that it's unique. 

Method 2: Use the Azure AD Module for Windows PowerShell

To learn more about how to use the Azure AD Module for Windows PowerShell to identify objects that have duplicate values, see Identity synchronization and duplicate attribute resiliency.

MORE INFORMATION
Still need help? Go to the Office 365 Community website or the Azure Active Directory Forums website.
Properties

Article ID: 3166795 - Last Review: 06/07/2016 19:34:00 - Revision: 2.0

Microsoft Office 365, Microsoft Azure Active Directory

  • o365022013 o365 o365e o365m o365a KB3166795
Feedback