azure-docs Whenever Azure AD recalculates the UserPrincipalName attribute, it also recalculates the MOERA.

Dears, hope you are doing well. i have this query regarding the important paragraph on this article:

_Important

Azure AD recalculates the UserPrincipalName attribute value only in case an update to the on-premises UserPrincipalName attribute/Alternate login ID value is synchronized to the Azure AD Tenant.

Whenever Azure AD recalculates the UserPrincipalName attribute, it also recalculates the MOERA.

In case of verified domain change, Azure AD also recalculates the UserPrincipalName attribute. For more information, see Troubleshoot: Audit data on verified domain change_

testing reveals tthat this is not correct, the moera always remains the same even after changing upn via sync. can we have this checked and modified appropriately? many thanks!

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

ID: 5e28d301-492c-3db3-72dd-699f6786985b
Version Independent ID: 653625e5-d919-9953-249d-7f33ee319265
Content: Azure AD UserPrincipalName population - Microsoft Entra
Content Source: articles/active-directory/hybrid/plan-connect-userprincipalname.md
Service: active-directory
Sub-service: hybrid
GitHub Login: @billmath
Microsoft Alias: billmath

Feb 13 '23 12:02 iobolog

@iobolog Thanks for your feedback! We will investigate and update as appropriate.

Feb 13 '23 16:02 Naveenommi-MSFT

Hi @iobolog The MOERA is calculated based on the MailNickName attribute and the initial domain If the MailNickName attribute is updated, then the MOERA will be updated as well. However, if the UserPrincipalName attribute is updated, the MOERA will not be updated.This is because the MOERA is based on the MailNickName attribute, not the UserPrincipalName attribute.

For you information Please refer the below in documented link https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-syncservice-features https://learn.microsoft.com/en-us/azure/active-directory/hybrid/howto-troubleshoot-upn-changes

Feb 15 '23 03:02 ManoharLakkoju-MSFT

Good morning!

Thanks for getting back to me so soon. My experience via testing in my test lab as well as with numerous customers in full scale large production environments is that the moera does get constructed when the user first gets provisioned in azure, however, afterwards it never changes / recalculates. It does not matter what attributes you change (be it upn or mailnickname), the moera will remain as initially provisioned. At least we can agree that our articlehttps://learn.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-userprincipalname#azure-ad-mailnickname-attribute-value-calculation has this incorrect highlighted important note Whenever Azure AD recalculates the UserPrincipalName attribute, it also recalculates the MOERA.

Feb 15 '23 07:02 iobolog

@iobolog I'm going to assign this to the document author so they can take a look at it accordingly

@billmath Can you please check and add your comments on this doc update request as applicable.

Feb 16 '23 08:02 ManoharLakkoju-MSFT

Thank for submitting this. I have created a work item for it and will reviewing this in the coming weeks. I am not sure what the timeline will be, so I am going to close this for now. But once I have an update I will drop it in here and let you know.

Thank you!

Bill

#please-close

Jul 21 '23 16:07 billmath