Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Azure AD Sync to On-Prem AD

Deleted
Not applicable

Hello,

I have Azure AD with about 50 users. These users were made when we purchased Office365. Let's say domain on Azure AD is example.com. (username@example.com)

Locally, we use on-prem AD to authenticate computers as well as the wirelss network via RADIUS. Let's say the local domain is corp.example.com. (username@corp.example.com)

 

Now what I need is to unify the usernames and passwords. I want usernames and passwords that are in Azure AD to be used on prem as well. (So we let go of corp.example.com and move to example.com on both Azure AD and On-Prem AD).

 

What is the process to achieve this result?  I am okay with making any changes to local or Azure AD as long as I get to use username@example.com for both for Azure AD and Local AD authentication. 

 

P.S : my understanding is that locally you can't use a domain name that resolves to a website? (so I can't remake the on-prem AD to use example.com ? ) 

 

 

3 Replies

Hi Januka,

 

You can use your public domain that is registered on Azure AD in your on-premises AD changing the UPN of the users to that domain and then match the email.

 

To acomplish that you have to add a new domain in "Active Directory Domains and Trusts"

https://technet.microsoft.com/en-us/library/cc772007(v=ws.11).aspx

 

After this change your UPN and email of your users to match the username of Azure AD.

 

Then Install AD Connect and when you enable it it will softmatch your user.

 

Be carfully of this steps and if you need any help please tell.

 

 

"You can use your public domain that is registered on Azure AD in your on-premises AD changing the UPN of the users to that domain and then match the email."

Is it okay to use public domain internally? My understanding is that you should not use resolvable domain names internally?
If that is okay, then I will have equal usernames on both on-prem AD and Azure AD.

When I use AD Connect, will it automatically softmatch ?And will it sync passwords FROM Azure AD to On-Prem AD or other way around?

Hi Januka,

 

You only will change the UPN, not the public domain internaly, just the way the user login on Office 365. 

When AD Connect will softmatch the password is from AD, you source of identity will be AD not Azure AD.

 

You have to setup the AD Connect, just do a scope to a few test users and after you see how it works, send communications to the end users that after date/hour x their passwords on Office 365 will be the same that are from AD.