Should the domain be the same when "Azure AD" and "on-premises AD" are connected?

JUHYUN BAE 21 Reputation points
2021-02-18T02:52:44.567+00:00

Hi, I am Ju Hyun Bae who is managing AD in Korea.

I wonder whether the domain should be the same when connecting "Azure AD" and "on-premises AD".
(ex. On-premises AD: A.com, Azure AD: A.com)

And I wonder whether it matters if the actual AD domain and email address are different for work collaboration.

※ for example
e-mail address: bjh@A.com
M365 account: bjh@B.com
On-premises AD account: bjh@C.com

Active Directory Federation Services
Microsoft Entra ID

2 answers

  1. Vasil Michev 95,341 Reputation points MVP
    2021-02-18T09:11:56.66+00:00

    It's not necessary to have them match, but it's usually the recommended approach. If you are not able to use the same domain name, or you have the AD domain in the domain.local format or similar, just make sure that the A.com domain is verified in Azure AD. Same goes for the B.com domain, in case you want to be able to use it to send/receive messages. You can add additional UPN suffixes on-premises to make matters a bit easier.


  2. Siva-kumar-selvaraj 15,551 Reputation points
    2021-02-18T13:54:54.203+00:00

    Hi @JUHYUN BAE ,

    Thanks for reaching out.

    As @Vasil Michev mentioned, it's not necessary to have them match, but it's usually the recommended approach. For example: when you synchronize your on-premises directory with Azure AD, you have to have a verified domain in Azure Active Directory (Azure AD). Only the User Principal Names (UPNs) that are associated with the on-premises Active Directory Domain Services (AD DS) domain are synchronized. However, any UPN that contains a non-routable domain, such as ".local" (example: billa@Company portal .local), will be synchronized to an .onmicrosoft.com domain (example: billa@Company portal .onmicrosoft.com).

    If you currently use a ".local" domain for your user accounts in AD DS, it's recommended that you change them to use a verified domain, such as billa@Company portal .com, in order to properly synchronize with your Azure AD verified domain.

    Similarly, if the on-premises custom domain (for example, fabrikam.com) is routable and the same domain name has been added in Azure AD, then users will just sync by default, since the UPN suffixes are the same.

    Additionally, you can also populate the proxyAddresses attribute for the user to have multiple SMTP addresses, which synchronize to Azure AD.

    The following articles are worth checking out, as they speak about managing custom domains and SMTP addresses in Azure AD:

    https://learn.microsoft.com/en-us/microsoft-365/enterprise/prepare-a-non-routable-domain-for-directory-synchronization?view=o365-worldwide
    https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/proxyaddresses-attribute-populate

    ------------------------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
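The two answers above describe the same preparation steps: register a routable suffix in the forest, move user UPNs off the non-routable ".local" suffix onto a domain that is verified in Azure AD, and populate proxyAddresses so the SMTP addresses sync. The following PowerShell is an added example written for this page, not code from either answer or from Microsoft; it assumes the RSAT ActiveDirectory module, and `corp.local`, `fabrikam.com` and the OU path are placeholders to replace with your own values. It runs with `-WhatIf` so it only reports what it would change; remove `-WhatIf` once the report looks right.

```powershell
# Added example (not from the original thread). Placeholders: corp.local (the
# non-routable suffix), fabrikam.com (a domain already verified in Azure AD /
# Microsoft Entra ID) and the OU distinguished name.
Import-Module ActiveDirectory

$OldSuffix  = 'corp.local'                   # non-routable suffix (placeholder)
$NewSuffix  = 'fabrikam.com'                 # verified routable domain (placeholder)
$SearchBase = 'OU=Users,DC=corp,DC=local'    # OU to scan (placeholder)

# 1. Register the routable suffix as an alternative UPN suffix on the forest,
#    so it can be assigned to users (the "additional UPN suffixes" step).
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest.Name -UPNSuffixes @{Add = $NewSuffix} -WhatIf
}

# 2. Find every user whose UPN still ends in the non-routable suffix. These are
#    the accounts that would otherwise sync as user@<tenant>.onmicrosoft.com.
$users = Get-ADUser -SearchBase $SearchBase `
    -Filter "UserPrincipalName -like '*@$OldSuffix'" `
    -Properties UserPrincipalName, mail, proxyAddresses

Write-Output "Users with a $OldSuffix UPN suffix: $($users.Count)"

foreach ($u in $users) {
    $prefix = $u.UserPrincipalName.Split('@')[0]
    $newUpn = "$prefix@$NewSuffix"

    # 3. Move the UPN suffix to the verified domain; the prefix is unchanged.
    Write-Output "$($u.SamAccountName): $($u.UserPrincipalName) -> $newUpn"
    Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf

    # 4. Populate proxyAddresses. Upper-case 'SMTP:' marks the single primary
    #    address; lower-case 'smtp:' entries are aliases. Only add a primary if
    #    none exists, because two 'SMTP:' entries cause sync errors.
    $existing   = @($u.proxyAddresses)
    $hasPrimary = ($existing | Where-Object { $_ -cmatch '^SMTP:' }).Count -gt 0
    if (-not $hasPrimary) {
        Set-ADUser -Identity $u -Add @{proxyAddresses = "SMTP:$newUpn"} -WhatIf
    }
    # Keep the old address reachable as an alias if it is routable mail, e.g. a
    # separate mail domain as in the question (bjh@A.com vs bjh@B.com).
    if ($u.mail -and ($existing -notcontains "smtp:$($u.mail)") -and ($u.mail -ne $newUpn)) {
        Set-ADUser -Identity $u -Add @{proxyAddresses = "smtp:$($u.mail)"} -WhatIf
    }
}
```

The check on `SMTP:` is deliberately case-sensitive (`-cmatch`): Azure AD Connect treats the upper-case prefix as the primary address, and a user object that ends up with two primaries is reported as a synchronization error rather than silently fixed. Run the script once with `-WhatIf`, review the printed old/new UPN pairs against the list of domains verified in the tenant, and only then apply the change.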