
Syncing Azure AD with unmatching domain extension

Greetings,

We would like to give our domain users the ability to use one password for Windows login as well as Outlook 365 email. From what I've read, this can possibly be accomplished by syncing with Azure AD.

If so, would I be able to do this if our domain is a .ofc while our email is a .org?

Thank you in advance. Any help would be greatly appreciated.

4 Replies

What you need to do is add a UPN suffix and change the UPN of any users that will need to authenticate against O365 accordingly. Then use the password sync, pass-through authentication (recommended) with SSO, or AD FS features:

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-thr...

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso
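One way to script the two on-prem steps from the reply above (register the e-mail domain as a forest UPN suffix, then align each user's UPN with their mail attribute) before running Azure AD Connect. This is an added example, not code from the thread; the domain names and OU path are placeholders, and it runs with -WhatIf so nothing changes until that switch is removed.

```powershell
# Added example: prepare AD UPNs for Azure AD sync. Placeholders below.
Import-Module ActiveDirectory

$EmailSuffix = 'example.org'               # placeholder: the routable e-mail domain
$SearchBase  = 'OU=Staff,DC=corp,DC=ofc'   # placeholder: OU holding users to sync

# 1. Make the e-mail domain selectable as a UPN suffix across the forest.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $EmailSuffix) {
    Set-ADForest -Identity $forest.Name -UPNSuffixes @{ Add = $EmailSuffix }
}

# 2. For every user whose mail attribute is in that domain, set UPN = mail.
#    Users with no mail, or mail in another domain, are reported and left alone
#    so a stray address cannot silently become a sign-in name.
$users = Get-ADUser -Filter 'mail -like "*"' -SearchBase $SearchBase `
                    -Properties mail, userPrincipalName

foreach ($u in $users) {
    $mail   = $u.mail.Trim().ToLowerInvariant()
    $domain = ($mail -split '@')[-1]

    if ($domain -ne $EmailSuffix) {
        Write-Warning "$($u.SamAccountName): mail domain '$domain' is not $EmailSuffix, skipping"
        continue
    }
    if ($u.UserPrincipalName -ieq $mail) { continue }   # already aligned

    Write-Host "$($u.SamAccountName): $($u.UserPrincipalName) -> $mail"
    # Remove -WhatIf once the listed changes look right.
    Set-ADUser -Identity $u -UserPrincipalName $mail -WhatIf
}
```

Run it first as-is to review the planned changes; the e-mail domain must also be added and verified in the Azure AD tenant before those UPNs will sign in to O365.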

Hello Jack,

When you sync on-prem identities to AAD, or while installing Azure AD Connect, you will get an option to choose the on-prem attribute to be synced as the UPN.

Azure AD uses the UPN of the user object as the username.

So in your case, since the UPN and email of the user object are different, below are the two scenarios that can be implemented.

If the user has email as email@contoso.com and UPN as upn@contoso2.com, and let's say you want the users to log in with email@contoso.com:

While installing Azure AD Connect, select email to be synced as the UPN, and the users will be able to use the email to sign in to O365, provided you have added and verified contoso.com in your tenant.

Regards,

Rishabh

Thank you very much.

Thanks a lot. I will look into this. It sounds like this is very doable.