Greetings all. I have a client with an existing O365 tenant which is synced to their local AD. That legacy AD is being migrated to a new one; however, the UPN suffix on the legacy domain happens to exactly match the domain name of the new domain to which everyone will be migrated. Thus, UPN suffix routing in the trust is broken.
I would like to remove the UPN suffix from the legacy domain as well as remove that suffix from all users via PowerShell. I do not believe this will have any impact on their current use of the legacy domain. However, my concern is that AD Connect was configured to use the UPN as the login for O365, and currently all UPNs and primary SMTP addresses match and have been synced to Azure AD.
I was hoping to re-install the latest version of AD Connect, stipulate email address as the login name, and perform a full sync, after which I would remove the conflicting UPN suffix from AD with the hope that their logins to O365 would be unaffected.
Has anyone performed a similar operation with positive results? The legacy domain is non-routable, hence their need for the UPN suffix in the first place. I’d like to avoid a case where, after the UPN suffix is removed, the next sync results in either duplicate users or renamed users with an onmicrosoft.com address.
Thanks in advance for any help offered.
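A pre-change audit for the procedure the post describes, added here as an example and not part of the original post or any vendor tooling. It assumes the ActiveDirectory RSAT module and a domain-joined admin session; the suffix `contoso.com` and search base `DC=legacy,DC=local` are placeholders. Before switching AD Connect to sign in with the mail attribute, it lists every user carrying the conflicting UPN suffix and flags those whose mail attribute is empty or differs from the UPN, since those are the accounts that would not match cleanly after the change. The rename at the end runs with `-WhatIf` only, so nothing is modified.

```powershell
# Added example (not from the original post): audit users before retiring a UPN suffix.
# Assumes the ActiveDirectory module is installed. Placeholder values are constructed.
Import-Module ActiveDirectory

$ConflictingSuffix = 'contoso.com'          # placeholder: the UPN suffix to retire
$SearchBase        = 'DC=legacy,DC=local'   # placeholder: legacy domain root

# 1. Confirm the suffix is actually registered on the forest before touching anything.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $ConflictingSuffix) {
    Write-Warning "Suffix $ConflictingSuffix is not registered as an alternative UPN suffix."
}

# 2. Find every user whose UPN ends with the suffix and compare UPN with mail / primary SMTP.
$users = Get-ADUser -Filter "UserPrincipalName -like '*@$ConflictingSuffix'" `
                    -SearchBase $SearchBase `
                    -Properties UserPrincipalName, mail, proxyAddresses

$report = foreach ($u in $users) {
    # The primary SMTP address is the proxyAddresses entry with an upper-case 'SMTP:' prefix.
    $primarySmtp = ($u.proxyAddresses | Where-Object { $_ -cmatch '^SMTP:' }) -replace '^SMTP:', ''
    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        UPN            = $u.UserPrincipalName
        Mail           = $u.mail
        PrimarySmtp    = $primarySmtp
        MailMissing    = [string]::IsNullOrEmpty($u.mail)
        UpnMatchesMail = ($u.UserPrincipalName -ieq $u.mail)
    }
}

# Users with no mail attribute, or whose UPN differs from mail, need attention before
# AD Connect is reconfigured to use the mail attribute as the sign-in name.
$atRisk = $report | Where-Object { $_.MailMissing -or -not $_.UpnMatchesMail }
$report | Export-Csv -Path .\upn-audit.csv -NoTypeInformation
"Total users with suffix: $($report.Count); at risk: $($atRisk.Count)"
$atRisk | Format-Table -AutoSize

# 3. Preview the UPN rewrite the post proposes (legacy DNS name instead of the retired
# suffix). -WhatIf shows the change without applying it; remove it only after review.
$legacyDns = (Get-ADDomain).DNSRoot
foreach ($u in $users) {
    Set-ADUser -Identity $u -UserPrincipalName "$($u.SamAccountName)@$legacyDns" -WhatIf
}
```

Run the script once before reconfiguring AD Connect and keep the CSV; a second run after the suffix change should return zero users for the retired suffix, which is the quickest way to confirm that nothing was missed before the next sync cycle.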