While catching up with a good friend yesterday we were talking about implementing DirSync and ADFS for their Office 365 for education deployment.
If we want to be able to log into Office 365 with our own domain name, such as @bfcnetworks.com, that domain needs to be set in our users' Active Directory UserPrincipalName attribute.
Over the years, many people have configured their domain FQDN to something like bfc.local rather than use their external domain name.
As we move to cloud services and Windows Azure Active Directory, we find that using DirSync with your own domain name (rather than bfcnetworks.onmicrosoft.com) requires changes to the local Active Directory. The process below shows how to add an additional UPN suffix, followed by a PowerShell command that finds all users whose UserPrincipalName ends in @bfc.local and changes it to @bfcnetworks.com.
Part 1: Add FQDN to Active Directory
Log onto your Active Directory Domain Controller and open Active Directory Domains and Trusts. Right-click the Active Directory Domains and Trusts node and open Properties, which shows the property box below; type the domain name you want to use in Windows Azure Active Directory and add it as an alternative UPN suffix.
Part 2: PowerShell command to change UserPrincipalName
There are two parts to this single line of PowerShell. The first gets all users that have @bfc.local in their UserPrincipalName. The second sets each matched user's UserPrincipalName to their SAMAccountName + @bfcnetworks.com.
Get-ADUser -Filter {UserPrincipalName -like "*@bfc.local"} | ForEach-Object { Set-ADUser -Identity $_.SamAccountName -UserPrincipalName ($_.SamAccountName + "@bfcnetworks.com") }
You may want to schedule this to run on the same 3-hour cycle, just before DirSync runs, to ensure all your users have the right FQDN in their UserPrincipalName before they are synced to Windows Azure Active Directory and Office 365.
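The one-liner above changes every match without checking anything first. The script below is an added example (not from the original post) that does the same Part 2 change but first confirms the suffix from Part 1 is actually registered in the forest, skips any user whose new UPN would collide with an existing one, supports -WhatIf for a dry run, and writes a CSV log of what it did. The suffix values, the log path and the parameter names are assumptions for illustration.

```powershell
# Added example: safe version of the Part 2 UPN change.
# Assumes the RSAT ActiveDirectory module is installed and the running account
# can read the forest configuration and write userPrincipalName on the users.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$OldSuffix = 'bfc.local',        # assumed old UPN suffix
    [string]$NewSuffix = 'bfcnetworks.com',  # assumed new UPN suffix (added in Part 1)
    [string]$LogPath   = "$env:TEMP\upn-change.csv"  # assumed log location
)
Import-Module ActiveDirectory

# Part 1 must already be done: AD rejects a UPN whose suffix is neither a
# domain in the forest nor a registered alternative UPN suffix.
$forest = Get-ADForest
if (($forest.UPNSuffixes + $forest.Domains) -notcontains $NewSuffix) {
    throw "UPN suffix '$NewSuffix' is not registered in forest $($forest.Name); add it in Active Directory Domains and Trusts first."
}

$users = Get-ADUser -Filter "UserPrincipalName -like '*@$OldSuffix'" -Properties UserPrincipalName
$log = foreach ($u in $users) {
    $newUpn = '{0}@{1}' -f $u.SamAccountName, $NewSuffix
    # UPNs must be unique; DirSync will fail the object if two users end up with the same one.
    $clash = Get-ADUser -Filter "UserPrincipalName -eq '$newUpn'" |
             Where-Object { $_.DistinguishedName -ne $u.DistinguishedName }
    $status = 'Changed'
    if ($clash) {
        $status = "Skipped: $newUpn already used by $($clash.SamAccountName)"
    } elseif ($PSCmdlet.ShouldProcess($u.DistinguishedName, "Set UPN to $newUpn")) {
        Set-ADUser -Identity $u -UserPrincipalName $newUpn
    } else {
        $status = 'WhatIf'   # -WhatIf was given; nothing written
    }
    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        OldUPN         = $u.UserPrincipalName
        NewUPN         = $newUpn
        Status         = $status
    }
}
$log | Export-Csv -Path $LogPath -NoTypeInformation
$log | Format-Table -AutoSize
```

Run it once with -WhatIf to review the proposed changes and any skipped collisions before running it for real or scheduling it ahead of DirSync.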