May 11 2023 06:33 AM
Hi, I'm new here and am currently dealing with Azure in our company.
We have had MS 365 with Office licenses for a few years and use them actively, locally we have a small server including a domain.
I would now like to synchronize my local AD users with Azure via AD Connect. It works theoretically and practically, but I have two problems.
For example, my local users are called email address removed for privacy reasons
The names in the AD are like email address removed for privacy reasons
I now have both users in the AD, one managed via the cloud and one locally managed.
How do I get the two users together in such a way that nothing explodes or e-mails etc. get lost or something is destroyed locally?
Or is that difficult to impossible without pain due to the advanced usage of both sides?
Microsoft clearly advises against it, so I'm wondering: what to do?
My boss would like to merge both to minimize the amount of passwords and for any other possible gimmicks.
It seems like best practice is to first create the accounts locally and then merge them with Azure and assign licences etc., right?
May 11 2023 12:16 PM
You need to match your local users with your AAD users using the soft match through the SMTP proxy address attribute; refer to the below link:
May 11 2023 05:38 PM
Do you think there is any key to match your user account between on-prem and Cloud (M365)? Say SMTP?
May 12 2023 12:06 AM - edited May 12 2023 12:09 AM
@Kidd: Yes, if it's needed.
@eliekarkafy: So I don't have to change my usernames, I only have to give my local users the O365 mail address in their mail address field?
Does this work without changing my local usernames, or is this still needed?
And if I do this, are O365 things like mails now lost?
May 12 2023 12:14 AM - edited May 12 2023 12:16 AM
@Sebastian_Wenning No need to change the UPN of your users; you just need to match the SMTP in the proxyAddresses attribute of your local users with the SMTP of your O365 users, and when you run the sync the users in the cloud will appear as synced instead of cloud-only.
May 17 2023 01:26 AM
@eliekarkafy Okay, adding the mail address to the user and changing the username is needed, but changing the UPN isn't needed, but OK, if I do so.
May 19 2023 01:26 AM
@Sebastian_Wenning Here are the steps to follow:
May 22 2023 12:51 AM
@eliekarkafy Thanks, I stopped the sync last Friday and changed the attributes.
- The user login name is now exactly my mail address.
- The user login name (pre-Windows 2000) isn't changed, so it doesn't match my AD user, but if I read your steps correctly, it's not needed.
- Under "General" I filled "E-mail" with my mail address.
- The attribute "proxyAddresses" is now filled with the value "SMTP:mymailaddress".
I had an error with the user rights when I looked into the Synchronization Service Manager, but this is solved.
My new status:
No errors seen in the Manager. The AD user table shows no duplicate users, but none of the users are marked as "local synced". -> Does this have to change to "yes", or not?
On top of that, my boss's user has a deployment error, category PropertyConflict, in his proxyAddresses.
That's curious, because the value in this error shows his "SMTP:hismailaddress" just like the 4 other synced users have it filled with their addresses, but the other users didn't get any errors at all.
May 30 2023 12:17 AM
Thanks again for helping me via PM.
For everyone else, the solution was simple. You have to match the full UPN with the MS365 user, and the attribute "proxyAddresses" has to be filled with the SMTP entries of the MS365 user, e.g. SMTP:email address removed for privacy reasons for the main address and smtp:email address removed for privacy reasons for the alias address.
My mistake was that I merged my local users before filling in these entries. I had to delete my mis-synced on-premises users in Azure and in the Azure deleted-users recycle bin and do a new initial sync via PowerShell. After 2 minutes my users were properly synchronized.
Note that all your user entries in MS365 will be overwritten with your local user entries. Therefore, before synchronizing, check again whether all information is present on your local users.
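The soft-match preparation described in eliekarkafy's reply (match the SMTP entries in proxyAddresses) and in the solution post above (match the full UPN, fill proxyAddresses with one uppercase SMTP: primary plus lowercase smtp: aliases, then run an initial sync) can be scripted so every user is checked before anything is synced. The following is an added example, not code from this thread or from Microsoft; the domain names, account names, the CSV mapping and the alternative UPN suffix are constructed assumptions. It is meant to be run on the on-premises domain controller or Azure AD Connect server with the ActiveDirectory and ADSync modules available.

```powershell
# Added example (not from the thread): prepare on-premises AD users for an
# Azure AD Connect soft match (UPN / primary SMTP match) and run an initial sync.
# Assumptions (hypothetical): the cloud UPN suffix contoso.com is registered as an
# alternative UPN suffix in the forest; the mapping below is constructed sample data.
Import-Module ActiveDirectory

# Constructed mapping: on-prem sAMAccountName -> cloud UPN (= primary SMTP) and aliases.
$mappingCsv = @'
SamAccountName,CloudUpn,Aliases
jdoe,john.doe@contoso.com,"jdoe@contoso.com;j.doe@contoso.com"
asmith,anna.smith@contoso.com,
'@
$mapping = $mappingCsv | ConvertFrom-Csv

function Set-SoftMatchAttributes {
    param([Parameter(Mandatory)] $Row)

    $user = Get-ADUser -Identity $Row.SamAccountName -Properties proxyAddresses, mail

    # Exactly one uppercase "SMTP:" entry (primary); aliases use lowercase "smtp:".
    # The prefix is case-sensitive for Exchange Online and for the soft match.
    $primary = "SMTP:$($Row.CloudUpn)"
    $aliases = @()
    if ($Row.Aliases) {
        $aliases = $Row.Aliases.Split(';') |
            Where-Object { $_ } |
            ForEach-Object { "smtp:$($_.Trim())" }
    }
    # Keep any existing non-SMTP entries (e.g. X500:, SIP:) untouched.
    $keep = @($user.proxyAddresses | Where-Object { $_ -notmatch '^smtp:' })
    $newProxy = @($primary) + $aliases + $keep

    # UPN and mail are set to the same value as the primary SMTP address.
    Set-ADUser -Identity $user `
        -UserPrincipalName $Row.CloudUpn `
        -EmailAddress $Row.CloudUpn `
        -Replace @{ proxyAddresses = [string[]]$newProxy }
}

function Test-SoftMatchReady {
    # Pre-sync check: one uppercase SMTP: entry, equal to the UPN.
    param([Parameter(Mandatory)] $Row)

    $user = Get-ADUser -Identity $Row.SamAccountName -Properties proxyAddresses
    $primaries = @($user.proxyAddresses | Where-Object { $_ -cmatch '^SMTP:' })
    $ok = ($primaries.Count -eq 1) -and
          ($primaries[0] -eq "SMTP:$($user.UserPrincipalName)")
    [pscustomobject]@{
        User  = $Row.SamAccountName
        Ready = $ok
        Proxy = ($user.proxyAddresses -join ' ')
    }
}

foreach ($row in $mapping) { Set-SoftMatchAttributes -Row $row }

$report = $mapping | ForEach-Object { Test-SoftMatchReady -Row $_ }
$report | Format-Table -AutoSize

if ($report.Ready -contains $false) {
    throw 'Fix the users marked Ready=False before syncing; otherwise they sync as duplicates.'
}

# Run on the Azure AD Connect server. An initial (full) cycle re-evaluates the
# match for every object; the scheduled delta cycle only looks at changed objects.
Import-Module ADSync
Start-ADSyncSyncCycle -PolicyType Initial
```

If a duplicate cloud-only copy of a user has already been created by an earlier mis-synced run, as in the solution post, it has to go before the initial cycle: remove the cloud object and then purge it from the deleted-users container (with the Microsoft Graph PowerShell SDK, Remove-MgUser followed by Remove-MgDirectoryDeletedItem on the same object ID), since a soft-deleted object still blocks the match for 30 days. Also check the report's Proxy column against the aliases the cloud user currently has: after a successful match the on-premises proxyAddresses value replaces the cloud one, so any alias missing from the CSV stops receiving mail.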