Forum Discussion

meanoldmanning's avatar
meanoldmanning
Copper Contributor
Nov 21, 2018

Question regarding UPN and AD pass through

Hello and pardon the question if I missed the answer elsewhere.   We are finally migrating off on prem to O365. I would like to use pass through authentication but have questions about the UPN, pub...
office 365
ChrisWebbTech's avatar
ChrisWebbTech
MVP
Nov 21, 2018
Yes you can use the UPN as it will carry over when syncing along with your primary e-mail and it needs to be added as a domain to the tenant. You can use Passthrough without exchange onprem but i would recommend keeping one as it makes administration easier. Many others have removed their exchange servers and do their admin through AD attributes so it's optional. Until you plan to completely remove AD sync and stand alone in 365 in the future I would say keep it around.
meanoldmanning's avatar
meanoldmanning
Copper Contributor
Nov 21, 2018

Chris, thanks for your reply,

 

I think I found an article I was looking for. I skimmed this a couple weeks ago and then couldn't remember where I saw it. So yeah, should be OK based on this, I'll just have to add my private AD domain name to the list.

 

"Azure AD Connect synchronizes your users' UPN and password so that users can sign in with the same credentials they use on-premises. However, Azure AD Connect only synchronizes users to domains that are verified by Office 365. This means that the domain also is verified by Azure Active Directory because Office 365 identities are managed by Azure Active Directory. In other words, the domain has to be a valid Internet domain (for example, .com, .org, .net, .us, etc.). If your internal Active Directory only uses a non-routable domain (for example, .local), this can't possibly match the verified domain you have on Office 365. You can fix this issue by either changing your primary domain in your on premises Active Directory, or by adding one or more UPN suffixes."

Resources