PowerShell, Office 365, Azure and automation
KB: Checking for Office 365 users UPN and Mail attributes match

KB: Checking for Office 365 users UPN and Mail attributes match

10 Aug 2019 a KB was released about possible issues with modern authentication for Outlook users. Users might be affect if their account attributes UserPrincipalName (UPN) and Mail not match. I was involved with remediation process. Was thinking it might be helpful for others if the information about how to do checking for Office 365 users consistency is available.

The easierst way to find all the users who potentially affected is to collect data for a quick report.

This is the PowerShell code to run.

# Connect to Office 365 by PowerShell
Connect-MsolService

# Query all the users with E1 license
$E1users = get-msoluser -all |  ? {($_.licenses).AccountSkuId -contain 'STANDARDPACK'}

# Initiate array where all the results will be
$AffectedUsers = @()

# Compare UPN with Mail attribute
foreach ($user in $E1users){
 if ($user.userprincipalname -ne $user.mail) {
   $AffectedUsers += $user.userprincipalname
 }
}

# Exporting results
$AffectedUsers | Export-CSV .\AffectedE1Users.csv 

 As a result you get AffectedUsers.csv file with content all the E1 licensed users who has UPN abd PrimarySmtp attributes not match.

To do the same check for E3 users you can run this script.

# Connect to Office 365 by PowerShell
Connect-MsolService

# Query all the users with E1 license
$E3users = get-msoluser -all |  ? {($_.licenses).AccountSkuId -contain 'ENTERPRISEPACK'}

# Initiate array where all the results will be
$AffectedUsers = @()

# Compare UPN with Mail attribute
foreach ($user in $E3users){
 if ($user.userprincipalname -ne $user.mail) {
   $AffectedUsers += $user.userprincipalname
 }
}

# Exporting results
$AffectedUsers | Export-CSV .\AffectedE3Users.csv 

As a result you will get the AffectedE3Users.csv file with all the users UPN who’s UPN and Mail attribute doesn’t match.

You might want to do the same for users holding other kind of licenses. You can see all the licenseses availble for your tenant with this command: Get-MsolAccountSku

Please see more articles about Office 365 here

Leave a Reply

Your email address will not be published. Required fields are marked *