Hi, I'm new here and am currently dealing with Azure in our company.We have had MS 365 with Office licenses for a few years and use them actively, locally we have a small server including a domain.I would now like to synchronize my local AD users with Azure via AD Connect. It works theoretically and practically, but I have two problems.For example, my local users are called email address removed for privacy reasonsThe names in the AD are like email address removed for privacy reasons I now have both users in the AD, one managed via the cloud and one locally managed. How do I get the two users together in such a way that nothing explodes or e-mails etc. get lost or something is destroyed locally?Or is that difficult to impossible without pain due to the advanced usage of both sides?Microsoft clearly advises against it, so I'm wondering: what to do? My boss would like to merge both to minimize the amount of passwords and for any other possible gimmicks.It seems like best practice seems to be, first create the things local and then merge them with azure and give them licences etc, right?

eliekarkafyThanks again for helping me via PM.For everyone else, the solution was simple. You have to match the full UPN with the MS365 user and the attribute "proxyadresses" has to be filled with the SMTP entries of the MS365 user, e.g. SMTP:email address removed for privacy reasons for the main address and smtp:email address removed for privacy reasons for the alias address.My mistake was that I merged my local users before filling in these entries. I had to delete my missynced on-premises users in Azure and Azure-DeletedUser Recycle Bin and do a new initial sync via PowerShell. After 2 minutes my users were properly synchronized.Note that all your user entries in MS365 will be overwritten with your local user entries. Therefore, before synchronizing, check again whether all information is available with your local users.

Sebastian_Wenning you need to match your local users with your AAD users using the soft match through the SMTP proxy address attribute , refer to the below link:https://support.microsoft.com/en-us/topic/how-to-use-smtp-matching-to-match-on-premises-user-accounts-to-office-365-user-accounts-for-directory-synchronization-75673b94-e1b8-8a9e-c413-ee5a2a1a6a78 Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.

Sebastian_Wenning Do you think there is any key to match your user account between on-prem and Cloud (M365)? Say SMTP?

@Kidd: Yes, if its needed.@ eliekarkafy: So i dont have to change my usernames, i only have to give my local useres the O365 Mailadress in their mail-adresse field?Does this work without changing my local usernames, or is this still needed?And if i do this, now O365 things like Mails are lost?

Sebastian_Wenning no need to change the upn of your users , you just need to match the smtp in your proxy address attributes for your local users with the smtp in your o365 users and when you run the sync the users in the cloud will appear synced instead of cloud only

Merge local wie Azure AD users, if both are in use and have name differences

eliekarkafy
MVP
May 11, 2023
Sebastian_Wenning
you need to match your local users with your AAD users using the soft match through the SMTP proxy address attribute , refer to the below link:
https://support.microsoft.com/en-us/topic/how-to-use-smtp-matching-to-match-on-premises-user-accounts-to-office-365-user-accounts-for-directory-synchronization-75673b94-e1b8-8a9e-c413-ee5a2a1a6a78

Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.
Kidd_Ip
MVP
May 12, 2023
Sebastian_Wenning
Do you think there is any key to match your user account between on-prem and Cloud (M365)? Say SMTP?
- Sebastian_Wenning
  Copper Contributor
  May 12, 2023
  @Kidd: Yes, if its needed.
  
  @ eliekarkafy: So i dont have to change my usernames, i only have to give my local useres the O365 Mailadress in their mail-adresse field?
  Does this work without changing my local usernames, or is this still needed?
  And if i do this, now O365 things like Mails are lost?
  - eliekarkafy
    MVP
    May 12, 2023
    Sebastian_Wenning no need to change the upn of your users , you just need to match the smtp in your proxy address attributes for your local users with the smtp in your o365 users and when you run the sync the users in the cloud will appear synced instead of cloud only

Forum Discussion

Merge local wie Azure AD users, if both are in use and have name differences

Share

Resources