Forum Discussion
Office 365 + local domain .local and external .com shows Users will not be able to sign-in Azure AD?
Not sure which PowerShell cmdlet you are referring to, but adding the suffix in the AD Domains and Trust snap-in is harmless. Changing the user's UPN to reflect the new suffix will change the way they log in to some applications, but the old domain\samaccountname method will continue to work.
- Mark Murrin, Oct 06, 2017, Copper Contributor
Ah OK, so either way no harm, even with a brute-force command-line method?
I think either way, for single sign-on to work as it should with Exchange Online later on, they all need to sign in via .com anyway, so I'm guessing this is fine.
Here is the article for the command line/PowerShell: https://blogs.technet.microsoft.com/canitpro/2015/07/07/step-by-step-changing-the-upn-suffix-for-an-entire-domain-via-powershell/#comment-234715
- Mark Murrin, Oct 06, 2017, Copper Contributor
I added the suffix to the domain and refreshed the Azure AD Connect sign-in page.
Now it shows BOTH domain.local and domain.com under AD UPN suffix. For domain.local, the Azure AD domain column says not added, and for domain.com it says verified.
At the bottom it still says users will not be able to sign in using on-premises creds. Unsure why, though.
- VasilMichev, Oct 07, 2017, MVP
Probably because it detects the users with the .local suffix.
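
One way to check the point made in the last reply, as an added example that is not from the thread or the linked article: list the accounts whose UPN still ends in the non-routable suffix and preview the change to the verified one. It assumes the ActiveDirectory (RSAT) module and uses the thread's placeholder suffixes `domain.local` and `domain.com`.

```powershell
# Added example, not code from the thread. Assumes the ActiveDirectory RSAT module;
# domain.local / domain.com are the placeholder suffixes used in the thread.
Import-Module ActiveDirectory

$oldSuffix = 'domain.local'   # listed as "not added" in Azure AD Connect
$newSuffix = 'domain.com'     # listed as "verified" in Azure AD Connect

# 1. Make sure the routable suffix is registered on the forest
#    (the same change the Domains and Trusts snap-in makes).
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $newSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $newSuffix }
}

# 2. Report every user whose UPN still carries the old suffix.
$stale = @(Get-ADUser -Filter "UserPrincipalName -like '*@$oldSuffix'" `
                      -Properties UserPrincipalName)
$stale | Select-Object SamAccountName, UserPrincipalName | Format-Table -AutoSize
'{0} user(s) still on @{1}' -f $stale.Count, $oldSuffix

# 3. Preview the rename. Remove -WhatIf only after reviewing the output.
foreach ($user in $stale) {
    $upn    = $user.UserPrincipalName
    $prefix = $upn.Substring(0, $upn.LastIndexOf('@'))
    $newUpn = '{0}@{1}' -f $prefix, $newSuffix

    # UPNs must be unique in the forest: skip a target that is already taken.
    # (Prefixes containing a single quote would need escaping in this filter.)
    if (Get-ADUser -Filter "UserPrincipalName -eq '$newUpn'") {
        Write-Warning "Skipping $($user.SamAccountName): $newUpn already in use"
        continue
    }

    # sAMAccountName is not touched, so domain\samaccountname logon is unchanged.
    Set-ADUser -Identity $user -UserPrincipalName $newUpn -WhatIf
}
```

Step 2 on its own is read-only and is enough to see which accounts are still on the .local suffix.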