u/artemis808

Has anyone successfully gotten Microsoft Entra Workday to On-Prem AD provisioning to automatically rename existing AD accounts?

In our testing:

displayName, mail, and sn update correctly

cn, sAMAccountName, and UPN do NOT update

The mappings for cn and sAMAccountName exist, but provisioning logs never show those attributes in Modified Properties. The AD object is matched correctly by employeeID/WorkerID.

Example:

Workday PreferredNameData = Sherlock Watson

AD after sync:

CN = Sherlock Holmes-IT

sAMAccountName = sholmes-it

displayName = Sherlock Watson

Does Entra provisioning treat cn/sAMAccountName/UPN as immutable after account match, or is there a supported way to enable rename processing for existing users?