Merge on premise domain and Office365 (users and clients)

Question

Good morning guys,
I have two domain controllers on premise.
After that a third company sell and manage Office365 for a long time and this company has populated Office365 with users accounts.
Shortly, In this moment each user has got two account:

1. local company domain (for example name.surname@mathieu.company .local)
2. cloud companty (name.surgname@mathieu.company .com)

My goal is to merge these two world.
I would that company users use just one account.
I have seen that there are different option and I think that the easiest is "Password Hash".
I dont't like it due to it is just a sync from on premise AD to Azure AD. After that it is a limitation for Sharepoint configuration that there are in this moments.

What do you suggest?
Can I sync computer joined to domani too?
I need it due to I would create access rules to Outlook company service just from domain computer.

Is there problem to create SSO if there are users in cloud too?

Thanks so much!
Federico

Answer 1

My suggestion would be to Create a new on-premises Active Directory from data in Azure AD

Then you can use the multi-forest/single Azure AD tenant topology.

You will need to update AD Connect to include more than one forest. You don't necessarily need to use Password Hash Sync. You could also use Pass-Through Authentication or ADFS if there are forest trusts between your Active Directory forests and if name suffix routing is correctly configured.

Answer 2

Hello @MarileeTurscak ,
Thanks for your reply!

In my case I have Active Directory on premise (I directly manage it) and Azure Active Directory (it was managed by another IT company before).

Your article talks about the creation of a new on premise Active Directory (on premise AD Is empty, in my case is full and running) from Azure

Can I create a new AD on premise?
Can I create a second AD on premise?

Thanks!