Summary: When performing various hybrid actions in Web Portal for an Active Directory user, a corresponding Cloud user can be found even if UPN does not match between on-premise and cloud user accounts.
Applies to: Cayosoft Administrator 7.3.0 or later
There are situations when UserPrincipalNames can be different in on-premise and cloud user accounts. For example, if you configure Azure AD Connect to use any attribute other then UserPrincipalName for the name of AzureAD user. In this case, you should complete additional configuration in Cayosoft Admin Console: navigate to Active Directory extension > Advanced Settings and set Map cloud users by UPN to No (try anchor attributes first).
How user account is looked up in Cloud
When Map cloud users by UPN is set to No, to search for a user account in Cloud these attributes pairs will be used:
- msDS-ExternalDirectoryObjectID/msDS-ConsistencyGUID attributes in Active Directory
- ObjectId/ImmutableID attributes in Cloud
At first, msDS-ExternalDirectoryObjectID of the user in Active Directory is matched with the ObjectId of the corresponding user account in Cloud.
If msDS-ExternalDirectoryObjectID attribute is not in the schema or not set, msDS-ConsistencyGUID of the same user in Active Directory is matched with the ImmutableID of its account in Cloud.
If msDS-ConsistencyGUID attribute of Active directory user is empty, the user account will be looked up in Cloud by its UserPrincipalName.
If the user account is still not found the error will be reported: Cloud user was not found for this Active Directory user by its external directory ID or anchor.
List of rules and web actions that support users with mismatched UserPrincipalName
Currently, only user accounts are supported who have different UserPrincipalNames in Active Directory and in Cloud. Here is the list of rules and web actions that support users with mismatched UserPrincipalName:
Automation Rules and reports:
AD Users | Set Automatic Replies (Out of Office Message, OOF)
AD Users | Create Office 365 Accounts (Cloud)
AD Users | Update Office 365 Accounts
AD Groups | Enforce License
AD Groups | Validate License
AD Users | Enforce License
AD Users Expired Office 365 Linked User Status
AD Users | Validate License
AD Users with Office 365 Licenses
New User | Create Office 365 User
Office 365 Users | Change selected license option by AD Group
Office 365 Users | Enforce Skype Settings by AD Group Membership
Office 365 Users Billing Count by AD Group (Roll-up)
Office 365 Users Billing Count by AD Group Membership
Office 365 Users Inactive by AD Group Membership
AD Users | Assign Teams Policy
New User | Office 365 User Enforce License
New User | Office 365 Mailbox post creation tasks
New User | Office 365 Skype post creation tasks
New User | Office 365 OneDrive post creation tasks
AD Users | Set Office 365 Mailbox Settings
Analytics collection | Quota Information
AD Groups | Enforce App Role Assignments
Undo Suspend | Office 365 User
New Equipment Mailbox
New Room Mailbox
New Shared Mailbox
Office 365 License