May 24 2018
- last edited on
Jul 24 2020
We would like to give our Domain users the ability to use one password for windows login, as well as Outlook 365 email. From what I’ve read, this can possibly be accomplished by syncing with Azure AD.
If so, would I be able to do this if our domain is a .ofc while our email is a .org?
Thank you, in advance. Any help would be greatly appreciated.
May 28 2018 11:23 AM
What you need to do is add an UPN suffix and change the UPN of any users that will need to authenticate against O365 accordingly. Then use the password sync, pass-trough authentication (recommended) with SSO or AD FS features:
May 29 2018 11:47 AM
When you sync on prem Identities to AAD or while installing Azure AAD connect, you will get an option to choose the attribute on-prem to be synced as UPN.
Azure AD uses upn of the user object as the username.
So in your case since the UPN and email of the user object is different, below mentioned are the two scenarios which can be implemented.
If the user has email as - firstname.lastname@example.org
and upn as - email@example.com
and let's say you want the users to login with firstname.lastname@example.org.
While installing azure AAD connect select email to be synced as upn and the users will be able to use the email to sign in to O365, provided you have added and verified contoso.com in your tenant.