Update federated identity


I need some advice/help on how to update the federated identity of our PW users.

Today our users are configured in a hybrid way, meaning that their type is logical, but they also have the Federated Identity configured. This allows them to log in using either IMS or logical credentials.

Now we’re about to change the domain for most users from domain.com to domain-main.com, but I want to keep the type as is, especially to avoid changing their logical password.


The cmdlet Update-PWUserProperties doesn’t allow me to change the identity.

The cmdlet Convert-PWUserToFederated has the -DoNotChangeUserType parameter, but I think it doesn’t work because they’re “hybrid” already…

It gives me the error below, and doesn’t update the federated identity:

Get-PWUsersByMatch -Email 'susana.dias@domain.com' | Convert-PWUserToFederated -IdentityName susana.dias@domain-main.com -DoNotChangeUserType

WARNING: Could not modify user ''. Error: 58003


Without the -DoNotChangeUserType it will change the user type, and the logical password will be lost…

Do you have any suggestions on how to handle this?


Thank you for your support!

Susana Dias