2 Domains on one Azure, Duplicated Accounts.


Good morning all. My company has on-premises AD and, as the security guy, I've been looking at creating a hybrid deployment with Azure so we can start playing with things like MFA and SSO, but I've run into a problem. My on-premises AD is companydomain.com and our Office 365 domain is company.com. I have both domains verified in the Azure portal, but when I ran AD Connect it basically duplicated all of my users, and now I have two accounts for each user, one with @companydomain.com and one with @company.com. I was wondering what my options are here for moving forward, if I have any. If it were possible, I'd want my domain accounts in Azure and somehow "link" my users' Office 365 accounts and licenses, but I can't find anything on that. I suggested that we just rename our on-premises domain to match our Office 365 domain, but my boss doesn't think the process of changing our entire domain name so we can have SSO is worth it. Any suggestions, or am I out of luck?

1 Reply
You can simply add the company.com UPN suffix to your on-premises AD and re-run the Azure AD Connect wizard.
1. Go to the on-prem Domains and Services MMC and add company.com as another suffix.
2. Change the UPN suffix on each user; run a PS script to change it.
3. Re-run the Azure AD Connect wizard.

Changing the UPN suffix will not affect any permissions or other changes.

The other option would be simply changing the UPN match to the Alternative ID option using the Azure AD Connect wizard. Set another attribute, such as email. In this case you need to update this attribute for all users.

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-userprincipalname
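The bulk UPN-suffix change from steps 1 to 3 of the reply, as an added example that is not from the reply's author or from Microsoft; the suffixes and OU path are placeholders to replace, and the script refuses to touch users until the new suffix is actually registered on the forest, since a UPN that does not match a verified Azure AD domain is exactly what produces the duplicate cloud accounts described in the question.

```powershell
# Added example (not from the thread): bulk-change the UPN suffix for on-prem users.
# Assumptions (placeholders): old suffix companydomain.com, new suffix company.com,
# users live under $SearchBase. Run as a domain admin; try it with -WhatIf first.
param(
    [string]$OldSuffix  = 'companydomain.com',
    [string]$NewSuffix  = 'company.com',
    [string]$SearchBase = 'OU=Users,DC=companydomain,DC=com',
    [switch]$WhatIf
)

Import-Module ActiveDirectory

# Step 1 check: the new suffix must already be added on the forest (Active Directory
# Domains and Trusts > forest properties > UPN Suffixes). Set-ADUser would accept an
# unregistered suffix, but the resulting UPN would not match the verified Azure AD domain.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    throw "UPN suffix '$NewSuffix' is not registered on forest $($forest.Name); add it first."
}

# Step 2: rewrite the UPN of every user still carrying the old suffix, keeping the
# local part unchanged so the new UPN lines up with the existing cloud account.
$users = Get-ADUser -Filter "UserPrincipalName -like '*@$OldSuffix'" -SearchBase $SearchBase
$log = foreach ($u in $users) {
    $newUpn = ($u.UserPrincipalName -split '@')[0] + '@' + $NewSuffix
    Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf:$WhatIf
    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        OldUPN         = $u.UserPrincipalName
        NewUPN         = $newUpn
    }
}

# Keep a rollback record of every change made (or previewed with -WhatIf).
$log | Export-Csv -Path ".\upn-change-$(Get-Date -Format yyyyMMdd-HHmm).csv" -NoTypeInformation
$log | Format-Table -AutoSize

# Step 3 is done outside this script: re-run the Azure AD Connect wizard (or start a
# delta sync with Start-ADSyncSyncCycle -PolicyType Delta from the ADSync module) so the
# changed UPNs are synchronized and matched against the existing cloud accounts.
```

Run it once with -WhatIf and review the CSV before the real pass, and note that Get-ADForest only lists suffixes added on top of the forest root domain, which is the case that matters here.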