<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Active Directory Name Change Will Not Sync to Office 365
Mar 3, 2026
Directories
Overview

When using the Universal Sync provisioning type, any attribute change in Active Directory should sync to the Office 365 profile in Entra ID (known as Azure AD). In some cases, a change in last name, email or UPN can result in Okta being unable to find the Office 365 account. It will try to create a new account but fail due to the immutable ID already existing in Office 365.

Applies To
  • Directories
  • Microsoft Office 365 Provisioning
  • Universal Sync
Cause
A change in too many different base attributes to the user in Active Directory can cause 365 to fail to match to the existing account.
Solution

Modify the UPN of the account in the Entra Admin Center to match the new username of the account in Okta. This will allow Okta to find and match with the account, updating the rest of the profile.

Recommended content

Still looking for help?
Loading
Active Directory Name Change Will Not Sync to Office 365