Forum Discussion
Office 365 + local domain .local and external .com shows Users will not be able to sign in to Azure AD?
As long as you have the domain verified in O365, you will be able to sync the .com domain correctly. Of course, make sure that it's added as an additional UPN suffix on-prem and the corresponding user attributes are changed to reflect the new suffix.
- VasilMichev, Oct 06, 2017, MVP
Not sure which PowerShell cmdlet you are referring to, but adding the suffix in the AD Domains and Trusts snap-in is harmless. Changing the user's UPN to reflect the new suffix will change the way they log in to some applications, but the old domain\samaccountname method will continue to work.
- Mark Murrin, Oct 06, 2017, Copper Contributor
Ah OK... so either way no harm, even with a brute-force command-line method?
I think either way, for single sign-on to work as it should with Exchange Online later on, they all need to sign in via .com anyway, so I'm guessing this is fine.
Here is the article for the command line/PowerShell: https://blogs.technet.microsoft.com/canitpro/2015/07/07/step-by-step-changing-the-upn-suffix-for-an-entire-domain-via-powershell/#comment-234715ell
- Mark Murrin, Oct 06, 2017, Copper Contributor
I added the suffix to the domain and refreshed the Azure AD Connect sign-in page.
Now it shows under AD UPN suffix BOTH domain.local and domain.com. domain.local under Azure AD domain says not added, and domain.com says verified.
At the bottom it still says users will not be able to sign in using on-premises creds. Unsure why, though.
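
The two on-prem steps named in the first reply (add the routable UPN suffix, then change the users' UPN attribute) can be scripted with a dry run first. This is an added example, not taken from the thread or the linked article; `domain.local` and `domain.com` are the thread's placeholder names, and the `$Apply` switch is an assumption of this sketch.

```powershell
# Added example: preview, then apply, a UPN suffix change with the ActiveDirectory module.
Import-Module ActiveDirectory

$OldSuffix = 'domain.local'   # non-routable suffix currently on the accounts
$NewSuffix = 'domain.com'     # suffix verified in Office 365
$Apply     = $false           # hypothetical switch: $false = -WhatIf preview only

# 1. Register the routable suffix on the forest if it is missing.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{Add = $NewSuffix} -WhatIf:(-not $Apply)
}

# 2. Collect every user whose UPN still ends in the old suffix.
$users = Get-ADUser -Filter "UserPrincipalName -like '*@$OldSuffix'" `
                    -Properties UserPrincipalName

$oldPattern = [regex]::Escape("@$OldSuffix") + '$'

foreach ($u in $users) {
    $newUpn = $u.UserPrincipalName -replace $oldPattern, "@$NewSuffix"

    # 3. A UPN must be unique in the forest: skip accounts whose target is taken.
    $escaped = $newUpn -replace "'", "''"     # quote-safe for the -Filter string
    $clash   = Get-ADUser -Filter "UserPrincipalName -eq '$escaped'"
    if ($clash) {
        Write-Warning "$($u.SamAccountName): $newUpn already used by $($clash.SamAccountName)"
        continue
    }

    # 4. Change only the UPN; sAMAccountName (domain\user logon) is left untouched.
    Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf:(-not $Apply)
}

# 5. Report what is (or would be) affected so the change can be reviewed.
$users | Select-Object SamAccountName, UserPrincipalName |
    Sort-Object SamAccountName | Format-Table -AutoSize
```

Run it once with `$Apply = $false` and review the `What if:` lines and any collision warnings before setting it to `$true`.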