question

0 Votes
Jgrissom15-3571 asked 85444274 commented

Configuring Azure AD Connect with a .local Domain UPN Suffix

Hi, I am trying to configure Azure AD Connect so that the users on my on-premises domain can sign in and use Microsoft Teams. I am completely new to Azure AD, and have just created the brand new account for it. I am at the step where I need to add a verified domain, but I haven't verified any in Azure AD yet, and my on-premises domain is @<company>.local. We do also have on-premises Exchange and I have access to @<company>.com, but the domain in the forest isn't set up to use .com I guess? I need to get some help with exactly what steps I need to take to have users able to sign into Teams with their work email addresses using the password hash sync of Azure AD Connect.

azure-ad-connect

1 Vote
ManuPhilip answered ChrisNewell-2912 commented

Hi,
Azure AD Connect only synchronizes users to domains that are verified by Office 365. If your internal AD DS only uses a non-routable domain, this can't possibly match the verified domain you have on Office 365. You can fix this issue by either changing your primary domain in your on-premises AD DS, or by adding one or more UPN suffixes.

Here is a nice article that explains how to add UPN suffixes and move forward with directory synchronization.
https://docs.microsoft.com/en-us/office365/enterprise/prepare-a-non-routable-domain-for-directory-synchronization#add-upn-suffixes-and-update-your-users-to-them

Regards,
Manu


Manu is correct: you need a .com on the external Azure FQDN and another UPN added to your internal domain that matches the external .com.

1 Vote 1 ·
0 Votes
JankeSkanke answered 85444274 commented

The recommended setup is to configure your on-premises accounts so that UPN = EMAIL = SIP. You don't have to change your domain name, just add an extra UPN suffix to your users and match it with the email and SIP address. A couple of other things to consider is that you must not assign an Exchange Online license to any users if you don't have an Exchange hybrid setup. That would make the users get dual mailboxes, and any mail from any O365 organization would land in the cloud mailbox that the users would never use.


Hello!

Could you please tell me how this can be done?

Do you have a manual? Do you need to configure this in the Synchronization Rule Editor?

Thanks.

0 Votes 0 ·
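
One way to carry out the change the answers above describe (add a routable UPN suffix, then move users onto it so that UPN = email = SIP), as an added example that is not from any of the posters or from the linked Microsoft article. It runs on the on-premises side with the ActiveDirectory module, makes no changes unless `-Apply` is given, and holds back any account whose addresses do not line up. Assumptions: `company.local` and `company.com` are placeholders, the SIP address is read from the `sip:` entry in `proxyAddresses`, and `-Apply` is this script's own parameter.

```powershell
#Requires -Modules ActiveDirectory
# Added example: dry run by default, pass -Apply to write changes.
param(
    [string]$OldSuffix = 'company.local',  # placeholder: non-routable suffix in use today
    [string]$NewSuffix = 'company.com',    # placeholder: domain verified in Azure AD
    [switch]$Apply                         # this script's own switch, not an AD cmdlet flag
)
$dryRun = -not $Apply

# 1. Register the routable suffix on the forest if it is not there yet.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{Add = $NewSuffix} -WhatIf:$dryRun
}

# 2. Build a plan for every user still on the old suffix: new UPN = existing mail address.
$users = Get-ADUser -Filter "UserPrincipalName -like '*@$OldSuffix'" -Properties mail, proxyAddresses
$plan = @(foreach ($u in $users) {
    # Assumption: the SIP address, if any, is the "sip:" entry in proxyAddresses.
    $sip = $u.proxyAddresses | Where-Object { $_ -like 'sip:*' } | Select-Object -First 1
    if ($sip) { $sip = $sip.Substring(4) }
    $newUpn = if ($u.mail -like "*@$NewSuffix") { $u.mail } else { $null }
    $status = if (-not $newUpn) {
        'Review: no mail address in the new suffix'
    } elseif ($sip -and $sip -ne $newUpn) {
        'Review: SIP address differs from mail'
    } else { 'OK' }
    [pscustomobject]@{
        Sam = $u.SamAccountName; OldUpn = $u.UserPrincipalName
        NewUpn = $newUpn; Sip = $sip; Status = $status; DN = $u.DistinguishedName
    }
})

# 3. Two accounts sharing one mail address would collide on the same UPN: hold them back.
$plan | Where-Object NewUpn | Group-Object NewUpn | Where-Object Count -gt 1 |
    ForEach-Object { $_.Group | ForEach-Object { $_.Status = 'Review: duplicate target UPN' } }

# 4. Change only the clean rows; everything else is left for manual review.
$plan | Where-Object Status -eq 'OK' | ForEach-Object {
    Set-ADUser -Identity $_.DN -UserPrincipalName $_.NewUpn -WhatIf:$dryRun
}
$plan | Sort-Object Status | Format-Table Sam, OldUpn, NewUpn, Sip, Status -AutoSize
```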