AAD Claims UPN vs On-Premise AD UPN


AAD Claims UPN vs On-Premise AD UPN



I thought UserPrincipalName (UPN) are single valued per user in the Directory, but when I run an LDAP query for a specific user, I get the UPN: AO0S0020@mydomain.local,


UserPrincipalName


AO0S0020@mydomain.local



And when running an OAuth (OpenId Connect) authorization against Azure AD (which is synced using AD Connect), I see that the claims UPN for the same user: nati@mydomain.com


AD Connect


nati@mydomain.com



What am I missing here?



The question is widely applicable to a large audience. A detailed canonical answer is required to address all the concerns.



The architecture that allows such difference.




1 Answer
1



You are missing the concept of Alternate login id.



It seems your Azure AD connect is configured with alternate login id. Thus the difference.





I tried to fetch the AlternateLoginID attribute from the LDAP, but it does now exist.
– Nati
Jul 2 at 13:28



AlternateLoginID





AlternateLoginID is configured in ADFS and ADConnect, not in AD. Usually, it points to the email AD property.
– andresm53
Jul 5 at 17:49





I would get the guid (or OID) from AD for nati@mydomain.com and then look for this oid guid value in another field in LDAP.
– Sql Surfer
yesterday






@SqlSurfer the OID in Azure AD is completely disconnected from your on-premises world. So there is nothing to match with it. The link from cloud to on-prem is source anchor. And its configuration varies and can be changed (Azure AD Connect settings).
– astaykov
15 hours ago






By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

-

Popular posts from this blog

JMeter fails on beanshell imports

Image
JMeter fails on beanshell imports I had been using Beanshell pre-processor to add custom cookies created through javascript. While it used to work perfectly earlier, with the same line of codes I started to recieve errors in my pre-processor. ERROR - jmeter.util.BeanShellInterpreter: Error invoking bsh method: eval Sourced file: inline evaluation of: ``import org.apache.jmeter.protocol.http.control.CookieManager; import org.apache. . . . '' : TargetError WARN - jmeter.modifiers.BeanShellPreProcessor: Problem in BeanShell script org.apache.jorphan.util.JMeterException: Error invoking bsh method: eval Sourced file: inline evaluation of: ``import org.apache.jmeter.protocol.http.control.CookieManager; import org.apache. . . . '' : TargetError The lines of code is as per suggestion provided in https://javaworks.wordpress.com/2011/08/05/setting-cookie-in-jmeter/ import org.apache.jmeter.protocol.http.control.CookieManager; import org.apache.jmeter.protocol.http.control....
Read more

Why in node-red my HTTP POST no receive payload from inject?

Image
Why in node-red my HTTP POST no receive payload from inject? i try use https://rpinotify.it/invio-di-testo.html i want send message with http post but i can't, see images i use Node-Red to fred.sensetecnic, i try use json, strings... i can't undestrand, can you help me? 3/7/2018, 08:43:15node: 9ee1f8ea.e1c5b8 msg.payload : Object object text: "testo" 3/7/2018, 08:43:15node: 9ee1f8ea.e1c5b8 msg.payload : Object object info: object datetime: "2018-07-03 06:43:15" ip: "54.149.86.44, 108.162.246.239" message: "'text' or 'img' POST parameter are required" response: 400 [ { "id": "e6ce432b.5361", "type": "tab", "label": "Flow 2", "disabled": false, "info": "" }, { "id": "1b6aa9ad.127af6", "type": "inject", "z": ...
Read more

PHP contact form sending but not receiving emails

PHP contact form sending but not receiving emails I have created a contact form using PHP to send the data. The form seems to send fine as there are no errors and success message appears, however I am not receving the emails into the designated inbox. I am using PHPMailer as I originally tried just using the php 'mail' command which I now understand is a bit hit and miss. I cannot see why I would not be receving the emails so I would be very grateful for any help that could be given. I'm quite new to PHP so please be patient with me :) <?php use PHPMailerPHPMailerPHPMailer; use PHPMailerPHPMailerException; $msg = ""; if (isset($_POST['submit'])) { require 'phpmailer/src/Exception.php'; require 'phpmailer/src/PHPMailer.php'; require 'phpmailer/src/SMTP.php'; function sendemail ($to, $from, $body) { $mail = new PHPMailer(true); $mail->setFrom($from); $mail->addAddress($to); $ma...
Read more