Wednesday, April 13, 2022

Change in naming convention of user’s Name parameter

We want to inform you about a change that we are working on. This change will be rolled out in a phased manner starting in the later part of April 2022.

The Name parameter associated with a user within a tenant should be unique. However, while we sync objects from Azure Active Directory to Exchange Online, the way Name parameter is being evaluated currently led to periodic conflicts. We realized that the current method is not the best method to compute this parameter. Hence, we want to move away from current method to a more robust way of generating the Name parameter which is through ExternalDirectoryObjectId (EDOID).

EDOID value is unique. We’ll use this GUID as Name instead of synchronizing the Name from on-premises or using the alias (if Name is not specified). With this change the DistinguishedName (DN) value will also get impacted. To better understand how this will impact objects in a tenant where directory synchronization is enabled, consider the following example:

With this new change, when creating a new Office 365 (remote) mailbox from on-premises Exchange Admin Center, the Name field will no longer synchronize to Exchange Online.

NamePropChange.jpg

Before changes are implemented:
DisplayName: Jeff Smith
Name: Jeff Smith
Alias: jsmith
DistinguishedName: CN= Jeff Smith,OU=(tenant).onmicrosoft.com, OU=Microsoft Exchange Hosted Organizations, DC=NAMP283A001, DC=PROD,DC=OUTLOOK, DC=COM
ExternalDirectoryObjectId: 12313c53-fff7-46d4-8b83-71fb317d1853

After changes are implemented:

DisplayName: Jeff Smith
Name: 12313c53-fff7-46d4-8b83-71fb317d1853
Alias: jsmith
DistinguishedName: CN= 12313c53-fff7-46d4-8b83-71fb317d1853, OU=(tenant).onmicrosoft.com, OU=Microsoft Exchange Hosted Organizations, DC=NAMP283A001, DC=PROD, DC=OUTLOOK, DC=COM 

In this example, both the Name and DistinguishedName are updated with the EDOID value.

Note: This would also mean that any subsequent CN value change in Exchange on-premises will not be reflected in the object’s Name property in Exchange Online.

Will this change not allow modification of the Name property?
Customers can still use Exchange PowerShell cmdlets (Set-User, Set-MailUser, Set-Mailbox with -Name parameter) to update the Name property in Exchange Online. Since the cmdlets ensure uniqueness, it would allow the operation to succeed only when the passed Name is unique in the tenant. 

How will the change impact new and existing users?
The updated naming logic would take effect only during new user creation. Existing users won’t get impacted in any way.

Please note that since we will start using EDOID as Name in Exchange Online, we shall stop allowing changes in CN to reflect in Name property in Exchange Online for all users (both new and existing). 

We recommend that Administrators evaluate any scripts or other automation that may rely on the Name property and update them accordingly.

Exchange Online Team

Posted at https://sl.advdat.com/3E8rFYphttps://sl.advdat.com/3E8rFYp