Fixing invalid SamAccountName in Azure AD Domain Services

An Azure AD user had initially been created with a typo in his name. All the attributes had since been fixed, or so it seemed.

Everything else worked fine, but this particular user could not log on to the Remote Desktop servers joined to Azure AD Domain Services with his domain\username style account.

It turned out that the old name (the one that had supposedly been fixed) was still there. Running the command:

Get-ADUser -Filter 'Name -like "John"'

revealed that the user's SamAccountName attribute still contained the typo. The same value was visible in "Active Directory Users and Computers", in the pre-Windows 2000 logon name field.

The fix was simple. The SamAccountName is synced from Azure Active Directory, where the attribute is called "mailNickname". The Azure CLI (az) can be used to update the attribute:

az ad user update --id john.doe@example.org --mail-nickname john.doe

After waiting a while for synchronization, the SamAccountName had been updated on the Azure AD Domain Services managed domain.
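The same problem can affect more than one account, so the following audit script, an added example rather than part of the original post, lists every user in the managed domain whose SamAccountName differs from the local part of the UserPrincipalName, and prints the matching az command for each. It assumes the RSAT ActiveDirectory module on a VM joined to the managed domain, and it assumes (as a convention, not a rule) that the intended mailNickname equals the UPN prefix; accounts with a deliberately different mailNickname, or a prefix longer than the 20-character SamAccountName limit, will show up as false positives and should be reviewed rather than bulk-updated.

```powershell
# Added example, not from the original post. Audits an Azure AD DS managed domain for
# users whose SamAccountName (synced from Azure AD's mailNickname) no longer matches
# the local part of their UPN. Assumes the RSAT ActiveDirectory module is available on
# a VM joined to the managed domain.
Import-Module ActiveDirectory

function Find-StaleSamAccountName {
    param(
        # Distinguished name to search under; defaults to the whole managed domain.
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )
    Get-ADUser -Filter * -SearchBase $SearchBase -Properties SamAccountName, UserPrincipalName |
        Where-Object { $_.UserPrincipalName } |
        ForEach-Object {
            # Heuristic (an assumption of this example): the intended nickname is the UPN prefix.
            $prefix = ($_.UserPrincipalName -split '@')[0]
            # -ne is case-insensitive in PowerShell, which matches how SAM names are compared.
            if ($_.SamAccountName -ne $prefix) {
                [pscustomobject]@{
                    UserPrincipalName = $_.UserPrincipalName
                    SamAccountName    = $_.SamAccountName
                    ExpectedNickname  = $prefix
                    # UPN prefixes longer than 20 characters cannot be a valid SamAccountName,
                    # so flag them for manual review instead of a blind update.
                    NeedsReview       = ($prefix.Length -gt 20)
                    # The fix goes to Azure AD (the sync source), not to the managed domain.
                    AzCliFix          = "az ad user update --id $($_.UserPrincipalName) --mail-nickname $prefix"
                }
            }
        }
}

# Review the list before running any of the suggested commands.
Find-StaleSamAccountName | Format-Table -AutoSize
```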