I have a client that uses adsync to sync their local active directory with their office365 azure directory. I also have multi factor authentication, via the IOS Microsoft Authenticator, enabled for the administrator account. On a Windows 10 computer, here are the steps I have to perform to change a username locally and on office365.
On a local domain controller:
Change the username in active directory. I also change the Email address on the general tab and the proxyaddress on the attributes tab (you must have advanced features under view enabled in the ADUC MMC to see this tab).
On the AzureADSync computer/server:
Run the powershell command:
Start-ADSyncSyncCycle -PolicyType delta
On a Windows 10 management computer:
Using Internet Explorer, go to https://outlook.office365.com/ecp/?rfr=Admin_o365&exsvurl=1&mkt=en-US (Exchange Admin Center under the office 365 admin portal), click on Hybrid, click on the bottom link to download and install The Exchange Online PowerShell Module (second button).
Using the new Exchange Online PowerShell Module, run the following powershell commands (the last two connects require MFA; you don’t necessarily need all of this, but i use it to make sure i can perform all the commands i need at the time)
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $credential -Authentication "Basic" -AllowRedirection
Import-PSSession $exchangeSession -DisableNameChecking
Now you’re authenticated and can change the user principal names to match your local active directory changes:
set-msoluserprincipalname -userprincipalname [email protected] -newuserprincipalname [email protected]
To do the same thing in the future, start the Exchange Online PowerShell Module, run the two connects and then you can run the set-msoluserprincipalname.