UPN’s in a Hybrid environment

In a hybrid environment the attribute that defines your logon name for  Office 365 is the Active Directory User Principal Name. It is good practice to set the AD UPN to match the users primary SMTP address. This means that the users primary SMTP, Office 365 Logon Name and Lync SIP address (which is derived from the UPN) will be a single identity. Making it easier for users as they just have to remember one address.

In some cases a user may fall through the net and end up with a Office 365 logon name and Lync address that does not match their primary SMTP address. In these instances it is possible to change the UPN but there are consequences. UPN changes can take up to 24 hours and it involves the old Lync account being removed and a new one created. This means any Lync meeting’s need to be rescheduled, Lync contacts must be recreated and any external contacts need to be notified of your new Lync address. Usually this is not a major issue if the person has just been migrated.

In an Office 365 hybrid environment, DirSync is deployed to synchronise Active Directory objects. You can continue to edit and manage user information as before with your on-premise Active Directory. However once a user has been licensed the UPN value can not be changed by updating your AD for the obvious knock-on effects to access to the service and Lync. So, the UPN can be changed in two ways either from the Office 365 Admin Center or PowerShell.

Office 365 Admin Center

  • Logon and select Users and Groups
  • Search for the relevant user
  • Change the DNS suffix to the required domain


When you make the change you will be prompted with this rather useful reminder:


You will notice that you can only change the DNS suffix using the Office 365 Admin Center. If you need to change the username prefix then you must use PowerShell.


  • Logon to PowerShell
  • Run the following cmdlet
  • Set-MsolUserPrincipalName -UserPrincipalName bob.two@mycloudsounds.com -NewUserPrincipalName bob.twotwo@mycloudsounds.com


No friendly warnings in PowerShell it just does it!

I would also take the time to modify the on-premises UPN as it prevents confusion in the long run with support if all values are the same. You can do this in various ways but my particular favourite is:

  • Set-mailbox bob.two -UserPrincipalName bob.twotwo@mycloudsounds.com

Leave a Reply