Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community
SOLVED

Advice for syncing from local AD

Copper Contributor

Hi, 

 

I've a customer where we're implementing dynamics 365, this is their first venture into the cloud. They would like to use SSO for dynamics 365, syncing their ad usernames and passwords to azure ad.  I've just created their onmicrosoft account in the first step for dynamics 365. 

Customer01@customer.com on premise has Customer01@customer.onmicrosoft.com online. 
I'm wondering what would be the best way of syncing their ad accounts to azure ad, they've no attribute that's exactly the same?

 

Thanks for any advice.

3 Replies
best response confirmed by Byrdie68 (Copper Contributor)
Solution

Hello there @Byrdie68 ! 

If the users have not started using Dynamics yet and the cloud accounts are empty, then I suggest the following approach 

 

  1. Add your custom domain ( customer.com ) to Office365 
  2. Delete the cloud users 
  3. Download Azure AD connect to an on-prem server 
  4. Make sure all user accounts in the local AD have @domain.com as their UPN Prefix ( .Local accounts can not sync ) 
  5. Configure Azure AD connect by following the Wizard 

 

Now that Azure AD connect is installed and syncing your users to the cloud you can go ahead and give them the Dynamics licenses 

 

In order for SSO to work in the local network I recommend deploying PTA ( pass-through authentication ) and Seamless-SSO in Azure AD connect 

 

If your users in the cloud have already started using Dynamics and you dont want to delete their accounts then I suggest this alternative approach 

  1. Add your custom domain ( customer.com ) to Office365 
  2. Edit so all users have the @customer.com domain instead of the onmicrosoft.com address
  3. Download Azure AD connect to an on-prem server 
  4. Make sure all user accounts in the local AD have @domain.com as their UPN Prefix ( .Local accounts can not sync ) 
  5. Configure Azure AD connect by following the Wizard 

This will hopefully make the user accounts in the cloud do  a so called "SMTP Soft match" with your on-prem accounts 

 

Let me know if you have any questions or if anything is unclear in my answer!

Kind Regards
Oliwer Sjöberg

 

@oliwer_sundgren Thank you. 

 

Adding the customer.com domain to office 365 will not have any effect on the on premise mail domain? 

So i can add customer.com as a domain and then setup exchange online with that domain at a later stage?

Thanks

No problem at all! @Byrdie68 

 

Correct, you can add the custom domain now and just add that to your user accounts 

And then when you are ready you can set up DNS Records for Exchnage Online with the custom domain at a later stage 

 

The existing mail flow wont be affected by just adding the domain to Office365 :) 

Kind Regards
Oliwer Sjöberg

1 best response

Accepted Solutions
best response confirmed by Byrdie68 (Copper Contributor)
Solution

Hello there @Byrdie68 ! 

If the users have not started using Dynamics yet and the cloud accounts are empty, then I suggest the following approach 

 

  1. Add your custom domain ( customer.com ) to Office365 
  2. Delete the cloud users 
  3. Download Azure AD connect to an on-prem server 
  4. Make sure all user accounts in the local AD have @domain.com as their UPN Prefix ( .Local accounts can not sync ) 
  5. Configure Azure AD connect by following the Wizard 

 

Now that Azure AD connect is installed and syncing your users to the cloud you can go ahead and give them the Dynamics licenses 

 

In order for SSO to work in the local network I recommend deploying PTA ( pass-through authentication ) and Seamless-SSO in Azure AD connect 

 

If your users in the cloud have already started using Dynamics and you dont want to delete their accounts then I suggest this alternative approach 

  1. Add your custom domain ( customer.com ) to Office365 
  2. Edit so all users have the @customer.com domain instead of the onmicrosoft.com address
  3. Download Azure AD connect to an on-prem server 
  4. Make sure all user accounts in the local AD have @domain.com as their UPN Prefix ( .Local accounts can not sync ) 
  5. Configure Azure AD connect by following the Wizard 

This will hopefully make the user accounts in the cloud do  a so called "SMTP Soft match" with your on-prem accounts 

 

Let me know if you have any questions or if anything is unclear in my answer!

Kind Regards
Oliwer Sjöberg

 

View solution in original post