Azure AD connect with existing O365 user accounts


My overall plan is to migrate our Exchange 2013 server to Exchange Online. If I'm right, it will be easier if I install Azure AD Connect on our AD so it will sync with O365 and users can sign in with their AD account instead of their onmicrosoft.com account.

My domain is a .local domain, so I was getting the 'TopLevelDomain' error when I ran the IdFix tool. I added a new UPN suffix in .com format, and I'm no longer getting that error.


What would happen when I sync Azure AD with the user accounts if some of them are already in O365? Does it create duplicate accounts for these users? Also, do I verify my .com domain in O365 before or after syncing with Azure AD?
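As an added example (not from anyone in this thread), this is how the ".local to .com" UPN preparation the question describes can be done and checked from PowerShell before Azure AD Connect is installed. It assumes the RSAT ActiveDirectory module; `company.local` and `company.com` are placeholder names.

```powershell
# Added example, not from the thread: register a routable UPN suffix at forest level
# and move enabled users off the non-routable .local suffix before the first sync.
# Assumes the RSAT ActiveDirectory module; both suffix values are placeholders.
Import-Module ActiveDirectory

$oldSuffix = 'company.local'   # placeholder: the internal AD domain
$newSuffix = 'company.com'     # placeholder: the public domain you will verify in O365

# 1. Add the public suffix to the forest (no-op if it is already there).
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $newSuffix) {
    Set-ADForest -Identity $forest.Name -UPNSuffixes @{ Add = $newSuffix }
}

# 2. Find enabled users still carrying the .local suffix. IdFix flags exactly these.
$users = Get-ADUser -Filter "Enabled -eq 'True' -and UserPrincipalName -like '*@$oldSuffix'" `
                    -Properties UserPrincipalName, mail

# 3. Preview the change first; remove -WhatIf once the output looks right.
foreach ($u in $users) {
    $newUpn = ($u.UserPrincipalName -split '@')[0] + '@' + $newSuffix

    # Soft matching in the cloud keys on the primary SMTP address, so a user whose
    # mail attribute disagrees with the new UPN is worth reviewing before syncing.
    if ($u.mail -and $u.mail -ne $newUpn) {
        Write-Warning "$($u.SamAccountName): mail=$($u.mail) differs from new UPN $newUpn"
    }

    Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf
}
```

Run it once with `-WhatIf` in place and review the warnings; the mismatches it prints are the accounts most likely to show up as sync errors later.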

14 Replies

@tantonyrei 

What is your Domain of DS and Email Domain currently?


Hi @tantonyrei,


Are your current Office365 users configured with your custom domain (same as the AD one)?

(A .local domain is an internal AD one, and it's not a valid domain to sync.)

If you have your users configured with, for example, contoso.com in both environments, soft matching should be possible during the sync: How to use SMTP matching to match on-premises user accounts to Office 365 user accounts for director...


The accounts will not be duplicated. If AD Connect identifies an existing cloud account with the same UPN/SMTP but is not able to do the soft match (probably due to an immutableId error), you'll see the sync error for that user or those users and you'll be able to fix it. (In that case a hard match will be required.)


This article will help you understand how the attributes are populated: How the proxyAddresses attribute is populated in Azure AD - Active Directory | Microsoft Learn


And I found this one that's really interesting in your scenario: Sync existing office 365 tenant with local active directory | 2 Azure


Hope this helps. Good luck :) 

Sorry for the late reply. My local AD is a .local, so I added the company.com UPN to my AD. My O365 is company.onmicrosoft.com, so I added company.com to the domain, but as soon as I added it, the users' Outlook stopped working and it kept asking for their password, even though I had company.onmicrosoft.com as the default.

But when I removed the company.com domain from the O365 admin center, the users' email returned to normal and worked. I'm not sure what caused it.

When I added company.com to O365 originally, it asked me to add some TXT records to my DNS and I did. It kept saying that my company.com domain was already associated with another O365 account, which my colleague created for testing, so I removed company.com from the O365 account my colleague created so I could add it to the 'live' O365 account.

Hi @tantonyrei,

The TXT record is only for the domain verification in O365, but that doesn't mean that the domain will work with mail flow.

You'll need to modify the MX, CNAME, etc. records at the NS.

Once you add the domain (after the TXT record), you'll see a screen with all the required records for email and other services.
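The distinction above (the TXT record proves ownership; MX and Autodiscover decide where mail and Outlook actually go) can be checked from any Windows box with `Resolve-DnsName`. This is an added example, not something from this thread; the domain and the `MS=...` verification value are placeholders that you copy from the admin center's domain page.

```powershell
# Added example, not from the thread: report the public DNS records that matter
# when a custom domain is added to Microsoft 365. Placeholders: $domain and $txtCode.
$domain  = 'company.com'       # placeholder
$txtCode = 'MS=msXXXXXXXX'     # placeholder: the verification value shown in the admin center

function Test-M365DomainDns {
    param([string]$Domain, [string]$VerificationTxt)

    $result = [ordered]@{}

    # Apex TXT: only proves you own the domain. It has no effect on mail flow or sign-in.
    $txt = Resolve-DnsName -Name $Domain -Type TXT -ErrorAction SilentlyContinue
    $result.VerificationTxtPresent = [bool]($txt.Strings -contains $VerificationTxt)

    # MX: where inbound mail is delivered. With on-premises Exchange 2013 still live,
    # this should keep pointing at the on-prem side until the migration cutover,
    # so the function reports the targets rather than judging them.
    $mx = Resolve-DnsName -Name $Domain -Type MX -ErrorAction SilentlyContinue
    $result.MxTargets = @($mx | Sort-Object Preference | ForEach-Object { $_.NameExchange })

    # Autodiscover: what Outlook uses to find its mailbox endpoint. If this has been
    # repointed, Outlook clients will start looking in the wrong place.
    $auto = Resolve-DnsName -Name "autodiscover.$Domain" -Type CNAME -ErrorAction SilentlyContinue
    $result.AutodiscoverTarget = $auto.NameHost

    [pscustomobject]$result
}

Test-M365DomainDns -Domain $domain -VerificationTxt $txtCode | Format-List
```

Run it before and after the domain is added: if `VerificationTxtPresent` is true but the MX and Autodiscover targets have not changed, the admin center "skip" step left mail flow where it was.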


Hi @FcoManigrasso, thanks for the reply.

Correct, I understand the TXT record is only for the initial domain verification, and once the domain is verified, we can remove the TXT record from DNS.

Yes, I saw the screen after adding the domain to modify the MX, CNAME, etc., but I wasn't sure what to select there, so I selected 'skip this option'. Could that be what caused the whole issue? Sorry, I'm new to O365, so I don't understand what that has to do with users' Outlook prompting for passwords. Our Exchange server is on-premises 2013.

Oh sorry, @tantonyrei!

My reply was based on a 100% cloud environment. My bad.

Did you already set up the Exchange hybrid? Which kind?

If your domain is already working with the on-prem environment and you set up the hybrid configuration correctly, it should work perfectly.

Let me share with you some articles:


https://learn.microsoft.com/en-us/exchange/hybrid-deployment/deploy-hybrid


https://learn.microsoft.com/en-us/outlook/troubleshoot/authentication/outlook-prompt-password-modern...


And here you can test the connectivity in order to see if something is wrong:


https://testconnectivity.microsoft.com

When you sync Azure AD with your existing O365 user accounts using Azure AD Connect, it will match the users based on their email addresses. If a user account already exists in O365, it will be matched with the corresponding AD user account and no duplicate account will be created.

However, if there are any conflicts or errors during the synchronization process, you may need to resolve them manually. For example, if there are two user accounts with the same email address, Azure AD Connect will not be able to determine which account to match with the AD user account, and you will need to resolve the conflict manually.

As for verifying your .com domain in O365, it is recommended to verify the domain before syncing with Azure AD. This will ensure that the domain is correctly configured and verified, and will avoid any issues during the synchronization process. Once the domain is verified, you can proceed with configuring Azure AD Connect to sync your AD user accounts with O365.
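The soft match / hard match behaviour described in this reply and in the earlier one (match on UPN or primary SMTP; fall back to the immutableId anchor, which by default is the base64 form of the on-prem objectGUID) can be checked per user before the first sync. This is an added example, not code from the thread; it assumes the ActiveDirectory and Microsoft.Graph.Users modules and an existing `Connect-MgGraph` session with `User.Read.All`, and the account names are placeholders.

```powershell
# Added example, not from the thread: predict how Azure AD Connect will match one
# on-prem user to an existing cloud user. Assumes RSAT ActiveDirectory and
# Microsoft.Graph.Users, with Connect-MgGraph already done (User.Read.All).
Import-Module ActiveDirectory
Import-Module Microsoft.Graph.Users

function Get-ExpectedImmutableId {
    param([string]$SamAccountName)
    # Default source anchor: base64 of the on-prem objectGUID byte array.
    $adUser = Get-ADUser -Identity $SamAccountName -Properties objectGUID
    [Convert]::ToBase64String($adUser.ObjectGUID.ToByteArray())
}

function Test-CloudMatch {
    param([string]$SamAccountName, [string]$CloudUpn)

    $expected = Get-ExpectedImmutableId -SamAccountName $SamAccountName
    $cloud = Get-MgUser -UserId $CloudUpn `
                        -Property Id, UserPrincipalName, OnPremisesImmutableId, ProxyAddresses

    $state = if (-not $cloud.OnPremisesImmutableId) {
        # No anchor on the cloud object yet: Connect will attempt a soft match on UPN / SMTP.
        'SoftMatchCandidate'
    } elseif ($cloud.OnPremisesImmutableId -eq $expected) {
        'HardMatchOK'
    } else {
        # Anchor present but different (e.g. the on-prem account was re-created):
        # this user will surface as a sync error until an admin corrects the anchor.
        'ImmutableIdMismatch'
    }

    [pscustomobject]@{
        SamAccountName      = $SamAccountName
        CloudUpn            = $cloud.UserPrincipalName
        ExpectedImmutableId = $expected
        CloudImmutableId    = $cloud.OnPremisesImmutableId
        # Uppercase SMTP: is the primary address, the one soft matching compares.
        PrimarySmtp         = @($cloud.ProxyAddresses | Where-Object { $_ -clike 'SMTP:*' })
        State               = $state
    }
}

Test-CloudMatch -SamAccountName 'jdoe' -CloudUpn 'jdoe@company.com'   # placeholders
```

Running this over the users that already exist in O365 tells you in advance which ones will soft match, which already carry a matching anchor, and which will need the hard match the earlier reply mentions.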


I need to look into Exchange hybrid then, because I have my on-premises Exchange Server 2013, plus we have owa.ridgeeng.com so users can access their email outside the company network.
Since my overall goal is to migrate users from on-premises Exchange 2013 to Exchange Online, do I have to use hybrid? I was going to use CodeTwo software for the migration.

Hi @tantonyrei,

It depends on the number of mailboxes that you need to migrate and how you plan it.

Find in the following link information about the different migration possibilities and their limitations:


Decide on a migration path in Exchange Online | Microsoft Learn

I only have about 100 mailboxes, so it looks like I can do a cutover migration. I was already looking at CodeTwo for migration. But before using CodeTwo, I have to first add my domain to the Office 365 admin center, right?

@tantonyrei 

That's right, adding the custom domain is the first of the pre-migration activities. You can take a look at the complete migration walkthrough.

Thanks. It's when I added my company.com domain to the existing company.onmicrosoft.com that the users' Outlook and O365 logins stopped working. That's where I'm stuck now.

I chose 'skip this and do this later' because I wasn't sure what option to select; maybe that's why.