Forum Discussion
Azure AD Sync functionality
Hi,
The reason you cannot use a non-routable domain (.local) is that it cannot be verified that you own the domain. Being a public cloud, Microsoft needs to verify that you really own the domain.
It would have been best if you could change the primary UPN. It doesn't impact normal logins etc.; however, since you have mentioned you can't do this, there must be a reason.
So, as an alternative, you can use some other attribute as the O365/AAD login by doing a custom installation of AAD Connect. Refer to the "Azure AD sign-in configuration" section in the article below.
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-get-started-custom
This is not a recommended practice, and there are limitations to doing so. Refer to the link below.
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configuring-alternate-login-id
Give it a try and let us know. Always test before you put it in production!
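Before choosing between changing the UPN suffix and configuring an alternate login ID, it helps to see how many accounts actually carry a non-routable suffix and whether they have a routable `mail` value to fall back on. The following is an added example, not code from the thread above; it assumes the ActiveDirectory RSAT module, read access to the domain, and a placeholder verified domain name you replace with your own.

```powershell
# Added example (not from the original thread): audit on-prem AD users whose UPN suffix
# is non-routable (e.g. .local) before deciding between a UPN change and an alternate login ID.
# Assumes the ActiveDirectory PowerShell module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

$verifiedDomain = 'contoso.com'   # placeholder: replace with your verified Azure AD domain

$users = Get-ADUser -Filter 'Enabled -eq $true' -Properties UserPrincipalName, mail

$report = foreach ($u in $users) {
    $upnSuffix  = ($u.UserPrincipalName -split '@')[-1]
    $mailSuffix = if ($u.mail) { ($u.mail -split '@')[-1] } else { $null }
    [pscustomobject]@{
        SamAccountName   = $u.SamAccountName
        UPN              = $u.UserPrincipalName
        UpnRoutable      = ($upnSuffix -eq $verifiedDomain)
        MailMatchesCloud = ($mailSuffix -eq $verifiedDomain)
    }
}

# Accounts that Azure AD Connect would sync with the default .onmicrosoft.com UPN
# unless the suffix is changed or an alternate login ID is configured
$report | Where-Object { -not $_.UpnRoutable } | Format-Table -AutoSize

# Of those, how many already have a 'mail' value on the verified domain that could
# serve as the alternate sign-in attribute
($report | Where-Object { -not $_.UpnRoutable -and $_.MailMatchesCloud }).Count
```

Run this in a test environment first and compare the two numbers: a large gap between them means many users lack a usable `mail` value, so an alternate login ID alone will not cover them.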