
Syncing Azure AD with unmatching domain extension




We would like to give our domain users the ability to use one password for Windows login, as well as Outlook 365 email. From what I’ve read, this can possibly be accomplished by syncing with Azure AD.


If so, would I be able to do this if our domain is a .ofc while our email is a .org?


Thank you, in advance. Any help would be greatly appreciated.

4 Replies

What you need to do is add a UPN suffix and change the UPN of any users that will need to authenticate against O365 accordingly. Then use the password sync, pass-through authentication (recommended) with SSO or AD FS features:

Hello Jack,


When you sync on-prem identities to AAD, or while installing Azure AD Connect, you will get an option to choose the on-prem attribute to be synced as UPN.


Azure AD uses the UPN of the user object as the username.


So in your case, since the UPN and email of the user object are different, the two scenarios mentioned below can be implemented.


If the user has email as -

and upn as -


and let's say you want the users to login with

While installing Azure AD Connect, select email to be synced as UPN and the users will be able to use the email to sign in to O365, provided you have added and verified in your tenant.
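The UPN suffix change suggested in the first reply, with a check that each user's mail attribute (the second reply's option) agrees with the new UPN, as an added example that is not part of the original thread. It uses the ActiveDirectory PowerShell module; `example.ofc`, `example.org` and the OU path are placeholders, and it runs as a dry run until `$Apply` is set to `$true`.

```powershell
#Requires -Modules ActiveDirectory
# Added example. All values below are placeholders (assumptions, not from the thread).
$OldSuffix  = 'example.ofc'                 # current, non-routable on-prem UPN suffix
$NewSuffix  = 'example.org'                 # domain added and verified in the tenant
$SearchBase = 'OU=Staff,DC=example,DC=ofc'  # hypothetical pilot OU; widen after testing
$Apply      = $false                        # $false = -WhatIf dry run, $true = write changes

# 1. Register the routable suffix at forest level if it is not there yet.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{Add = $NewSuffix} -WhatIf:(-not $Apply)
}

# 2. Find users in scope that still sign in with the old suffix.
$users = Get-ADUser -SearchBase $SearchBase `
                    -Filter "UserPrincipalName -like '*@$OldSuffix'" `
                    -Properties mail

foreach ($u in $users) {
    $prefix = ($u.UserPrincipalName -split '@')[0]
    $newUpn = "$prefix@$NewSuffix"

    # 3. UPNs must be unique in the forest; skip and report any collision
    #    instead of letting the sync surface it later as a duplicate-attribute error.
    $clash = Get-ADUser -Filter "UserPrincipalName -eq '$newUpn'"
    if ($clash) {
        Write-Warning "$($u.SamAccountName): $newUpn already used by $($clash.SamAccountName), skipped"
        continue
    }

    # 4. Flag accounts whose mail attribute will not match the new sign-in name,
    #    so users are not told to sign in with an address that is not their UPN.
    if ($u.mail -and $u.mail -ne $newUpn) {
        Write-Warning "$($u.SamAccountName): mail '$($u.mail)' differs from new UPN '$newUpn'"
    }

    Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf:(-not $Apply)
}
```

Review the warnings from the dry run before setting `$Apply = $true`. Changing the UPN does not affect the `DOMAIN\user` (sAMAccountName) Windows logon.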




Thank you very much.
Thanks a lot. I will look into this. It sounds like this is very doable.