Syncing Azure AD with unmatching domain extension

Jack Sitterley
New Contributor



We would like to give our Domain users the ability to use one password for Windows login, as well as Outlook 365 email. From what I’ve read, this can possibly be accomplished by syncing with Azure AD.


If so, would I be able to do this if our domain is a .ofc while our email is a .org?


Thank you, in advance. Any help would be greatly appreciated.

4 Replies

What you need to do is add a UPN suffix and change the UPN of any users that will need to authenticate against O365 accordingly. Then use the password sync, pass-through authentication (recommended) with SSO or AD FS features:





Hello Jack,


When you sync on-prem identities to AAD or while installing Azure AD Connect, you will get an option to choose the on-prem attribute to be synced as UPN.


Azure AD uses the UPN of the user object as the username.


So in your case, since the UPN and email of the user object are different, the two scenarios mentioned below can be implemented.


If the user has email as - email@contoso.com

and upn as - upn@contoso2.com


and let's say you want the users to log in with email@contoso.com.

While installing Azure AD Connect, select email to be synced as UPN, and the users will be able to use the email to sign in to O365, provided you have added and verified contoso.com in your tenant.




Thank you very much.
Thanks a lot. I will look into this. It sounds like this is very doable.
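
The UPN-suffix approach from the first reply, sketched as an added PowerShell example (not posted by anyone in this thread). It uses the ActiveDirectory module; the suffixes `example.ofc` / `example.org`, the OU path and the `$Apply` switch are assumed placeholders, and the script only previews changes until `$Apply` is set to `$true`.

```powershell
# Added example, not from the thread. All values below are assumed placeholders.
Import-Module ActiveDirectory

$OldSuffix  = 'example.ofc'                  # assumption: current on-prem UPN suffix
$NewSuffix  = 'example.org'                  # assumption: mail domain verified in the tenant
$SearchBase = 'OU=Staff,DC=example,DC=ofc'   # assumption: OU holding the users to sync
$Apply      = $false                         # $false = dry run (-WhatIf), $true = write changes

# 1. Register the alternative UPN suffix on the forest if it is not there yet.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $NewSuffix } -WhatIf:(-not $Apply)
}

# 2. Find users in scope that still carry the old suffix.
$users = Get-ADUser -SearchBase $SearchBase `
                    -Filter "UserPrincipalName -like '*@$OldSuffix'" `
                    -Properties mail

foreach ($u in $users) {
    $prefix = $u.UserPrincipalName.Split('@')[0]
    $newUpn = "${prefix}@${NewSuffix}"

    # A UPN must be unique in the forest: skip if another account already owns it.
    $clash = Get-ADUser -Filter "UserPrincipalName -eq '$newUpn'"
    if ($clash) {
        Write-Warning "Skipping $($u.SamAccountName): $newUpn already used by $($clash.SamAccountName)"
        continue
    }

    # Flag accounts whose sign-in name would still differ from their mail address.
    if ($u.mail -and $u.mail -ne $newUpn) {
        Write-Warning "$($u.SamAccountName): new UPN $newUpn differs from mail $($u.mail)"
    }

    Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf:(-not $Apply)
}
```

Review the warnings from the dry run before setting `$Apply = $true`; accounts flagged for a UPN/mail mismatch are the ones where users would sign in with a different name than their mailbox address.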