WhoAmI still shows domain account after migration
steven.reid
Newbie Joined: 15 Jun 2022 Location: Australia Status: Offline Points: 21
Posted: 27 Jun 2022 at 12:05am
Hi,
I am testing a migration from On-Premises to Azure. I am able to successfully join the machine to Azure (testdomain.onmicrosoft.com) and remove it from the local domain. (testing)

I go to log in using the Other option and use the full email address to log in, e.g. test.user@testdomain.onmicrosoft.com

I can see the Outlook profile etc fine.

When I run a whoami command it still shows up as testing\test.user

When I run the "dsregcmd /status" command it shows that it is Azure Joined:

+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
AzureAdJoined : YES
EnterpriseJoined : NO
DomainJoined : NO
Device Name : FTZ-TestDJ

+----------------------------------------------------------------------+
| Diagnostic Data                                                      |
+----------------------------------------------------------------------+
AadRecoveryEnabled : NO
Executing Account Name : TESTING\Test.user, test.user@testdomain.onmicrosoft.com
KeySignTest : PASSED

Is this as expected?

Edited by steven.reid - 27 Jun 2022 at 12:06am
Support
Moderator Group Joined: 09 Nov 2006 Location: United Kingdom Status: Offline Points: 1844
Hi,

No, we wouldn't expect to see testing\test.user as the executing account name or as the output to whoami.

I don't think it's a User Profile Wizard issue. I think you should be able to confirm that by joining a computer manually to Azure by unjoining it from the local AD and installing the Provisioning Package and logging in (without migrating a profile). Do you have the same result via whoami and dsregcmd?

I think this post reflects the issue you are experiencing? There was no response to this post, but the original poster has added a note regarding the resolution after he contacted Azure support.

Solution: I contacted Microsoft Azure Support by creating a ticket. I sent in a CSV file with all users experiencing the problem. Microsoft deleted the following attributes linked to their accounts: DNSDomainName, NetBiosName, OnPremisesDistinguishedName, OnPremisesSamAccountName. After that, the problem was resolved. Hope this helps!

I hope this helps,
Support.
steven.reid
Newbie Joined: 15 Jun 2022 Location: Australia Status: Offline Points: 21
Thank you for this.
I ran some tests and our results are the same as those mentioned in ServerFault. Even if I manually join a machine to Azure AD (not using the provisioning package) and sign in using an on-premises account it shows up using the DOMAIN\user format. Thanks again!
onboardit
Newbie Joined: 11 Aug 2022 Status: Offline Points: 6
This is because the On-premises SAM account name is a property on the AzureAD account. You can now see this in portal.azure.com on the user under the properties tab. This drove us crazy for a while, and it's a byproduct of a past AzureAD connect sync, even if it's no longer syncing. As we understand it, once the account has been bound with an on-premise AD account using AzureAD connect, you cannot remove the SAM account name property ever without rebuilding the account in AzureAD from scratch. We're still working to confirm that years later as it is quite annoying and shows in other places like Windows Defender for Endpoint, Cloud App Security, etc...
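
The check discussed in this thread can be scripted. The following is an added example, not part of any post above and not code from the forum's vendor: it parses `dsregcmd /status` text and flags a device that is Azure AD joined, not domain joined, yet still reports a DOMAIN\user executing account. The function name `Test-LegacySamIdentity` is hypothetical, and the sample input is reduced from the output quoted in the first post.

```powershell
# Added example: flag a cloud-joined device whose user still resolves to DOMAIN\user.
function Test-LegacySamIdentity {
    param(
        # Raw text of `dsregcmd /status`. On a live machine: (dsregcmd /status | Out-String)
        [Parameter(Mandatory)][string]$StatusText
    )

    # Collect "Key : Value" lines; banner and box-drawing lines have no colon and are skipped.
    $fields = @{}
    foreach ($line in $StatusText -split "`r?`n") {
        if ($line -match '^\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    # "Executing Account Name" may list several forms of the same user, comma separated.
    $names  = @($fields['Executing Account Name'] -split '\s*,\s*' | Where-Object { $_ })
    $legacy = @($names | Where-Object { $_ -match '^[^\\@]+\\[^\\@]+$' })  # DOMAIN\user
    $cloud  = @($names | Where-Object { $_ -match '^[^\\@]+@[^\\@]+$' })   # user@tenant

    $aadJoined    = $fields['AzureAdJoined'] -eq 'YES'
    $domainJoined = $fields['DomainJoined']  -eq 'YES'

    # LegacySamShown is true for the situation in this thread: a cloud-only join
    # where Windows still maps the signed-in user to a NetBIOS\sAMAccountName pair.
    [pscustomobject]@{
        DeviceName     = $fields['Device Name']
        AzureAdJoined  = $aadJoined
        DomainJoined   = $domainJoined
        LegacyNames    = $legacy
        CloudNames     = $cloud
        LegacySamShown = ($aadJoined -and (-not $domainJoined) -and ($legacy.Count -gt 0))
    }
}

# Sample input, reduced from the dsregcmd output quoted in the first post.
$sample = @'
AzureAdJoined : YES
EnterpriseJoined : NO
DomainJoined : NO
Device Name : FTZ-TestDJ
Executing Account Name : TESTING\Test.user, test.user@testdomain.onmicrosoft.com
KeySignTest : PASSED
'@

Test-LegacySamIdentity -StatusText $sample | Format-List
```

For the sample above, `LegacySamShown` is True and `LegacyNames` contains `TESTING\Test.user`.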