"User {0} was not recognized by the Microsoft Office 365 authentication system" error after you run the MOSDAL Support Toolkit

After you run the Microsoft Online Services Diagnostics and Logging (MOSDAL) Support Toolkit, the Active Directory Federation Services (AD FS) diagnostics log shows the following error:Note This log is located at \Admin_Applications\SSO_Diagnostic_Tests\ADFSDiagnostic.txt.

Additionally, after you sign in to your Microsoft cloud service such as Office 365, Windows Azure, or Windows Intune by using a federated account, you may receive an "Organization could not sign you in" error message from login.microsoftonline.com.

This issue may occur if one of the following conditions is true:

• The on-premises user account and the Office 365 user account weren't correctly prepared for single sign-on (SSO) authentication.
• The on-premises user account isn't synced correctly with Windows Azure Active Directory (Windows Azure AD).
• The user principal name (UPN) of the user account changed and the AD FS server is using a cached copy of the old UPN when you're building a claim for access to the cloud service.

To resolve this issue, use one of the following methods, as appropriate for your situation.

Method 1: Troubleshoot a badly piloted SSO-enabled user ID

To make sure that the affected user ID is piloted correctly as an SSO-enabled user ID, see the following Microsoft Knowledge Base article:

Method 2: Troubleshoot user account synchronization

To troubleshoot problems with specific user objects that aren't syncing correctly to Windows Azure AD, see the following Microsoft Knowledge Base article:

Method 3: Clear the LSA cache of the old UPN

To resolve the problem when AD FS is using a cached copy of an old UPN to build an AD FS claim for access to the cloud service, see Method 2 in the following Microsoft Knowledge Base article:

Still need help? Go to the Office 365 Community website or the Windows Azure Active Directory Forums website.