ForensiT Homepage
Forum Home Forum Home > ForensiT Support > Domain Migration
  New Posts New Posts RSS Feed - WhoAmI still shows domain account after migration
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

WhoAmI still shows domain account after migration

 Post Reply Post Reply
Author
Message
steven.reid View Drop Down
Newbie
Newbie


Joined: 15 Jun 2022
Location: Australia
Status: Offline
Points: 21
Post Options Post Options   Thanks (0) Thanks(0)   Quote steven.reid Quote  Post ReplyReply Direct Link To This Post Topic: WhoAmI still shows domain account after migration
    Posted: 27 Jun 2022 at 12:05am
Hi,
I am testing a migration from On-Premises to Azure.

I am able to successfully join the machine to Azure (testdomain.onmicrosoft.com) and remove it from the lcoal domain. (testing)

I go to log in using the Other option and use the full email address to log in, e.g. test.user@testdomain.onmicrosoft.com
I can see the Outlook profile etc fine

When I run a whoami command it still shows up as testing\test.user

When I run the "dsregcmd /status" command it shows that it is Azure Joined
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
               Device Name : FTZ-TestDJ
+----------------------------------------------------------------------+
| Diagnostic Data                                                      |
+----------------------------------------------------------------------+

        AadRecoveryEnabled : NO
    Executing Account Name : TESTING\Test.user, test.user@testdomain.onmicrosoft.com
               KeySignTest : PASSED

is this as expected?



Edited by steven.reid - 27 Jun 2022 at 12:06am
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Status: Offline
Points: 1844
Post Options Post Options   Thanks (0) Thanks(0)   Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 27 Jun 2022 at 9:31am
Hi,

No, we wouldn't expect to see testing\test.user as the executing account name or as the output to whoami. 

I don't think it's a User Profile Wizard issue. I think you should be able to confirm that by joining a computer manually to Azure by unjoining it from the local AD and installing the Provisioning Package and logging in (without migrating a profile), do you have the same result via whoami and dsregcmd ?

I think this post reflects the issue you are experiencing? There was no response to this post, but the original poster has added a note regarding the resolution after he contacted Azure support. 
Solution: I contacted Microsoft Azure Support by creating a ticket. I sent in a CSV file with all users experiencing the problem. Microsoft deleted the following attributes linked to their accounts: DNSDomainName, NetBiosName, OnPremisesDistinguishedName, OnPremisesSamAccountName. After that, the problem was resolved. Hope this helps!

​I hope this helps, 

Support.
Back to Top
steven.reid View Drop Down
Newbie
Newbie


Joined: 15 Jun 2022
Location: Australia
Status: Offline
Points: 21
Post Options Post Options   Thanks (0) Thanks(0)   Quote steven.reid Quote  Post ReplyReply Direct Link To This Post Posted: 29 Jun 2022 at 10:15pm
Thank you for this.

I ran some tests and our results are the same as those mentioned in ServerFault.

Even if I manually join a machine to Azure AD (not using the provisioning package) and sign in using an on-premises account it shows up using the DOMAIN\user format.

Thanks again!  

Back to Top
onboardit View Drop Down
Newbie
Newbie


Joined: 11 Aug 2022
Status: Offline
Points: 6
Post Options Post Options   Thanks (1) Thanks(1)   Quote onboardit Quote  Post ReplyReply Direct Link To This Post Posted: 11 Aug 2022 at 3:44am
This is because the On-premises SAM account name is a property on the AzureAD account. You can now see this in portal.azure.com on the user under the properties tab. This drove us crazy for a while, and it's a byproduct of a past AzureAD connect sync, even if it's no longer syncing. As we understand it, once the account has been bound with an on-premise AD account using AzureAD connect, you cannot remove the SAM account name property ever without rebuilding the account in AzureAD from scratch. We're still working to confirm that years later as it is quite annoying and shows in other places like Windows Defender for Endpoint, Cloud App Security, etc...
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.03
Copyright ©2001-2019 Web Wiz Ltd.

This page was generated in 0.125 seconds.