Our on-premises Windows domain is not public, it is myDomain.local.
In Azure Active Directory we have created a custom public domain publicDomain.com and we have the legacy domain publicDomain.onMicrosoft.com.
We want to sync users from myDomain.local to publicDomain.com but they are created inside publicDomain.onMicrosoft.com.
According to Microsoft support the only way to achieve this goal is to re-install Azure Connect and tell it to use a specific field to create new users in Azure AD. For example we can set user mail field to n.surname@publicDomain.com to create that user principal name in Azure AD.
I found this related post which says to add a DNS entry, but I cannot understand how it may work.
Is there another way to force Azure AD to map users from myDomain.local to my custom domain publicDomain.com?
Can the synchronization rules editor be used for this purpose?
Update - Request for clarifications
To summarize our system:
- Azure AD Connect is installed on server 1 and is configured to create Azure AD users from the mail field of the local AD user.
Here is the relevant part of the configuration:
"identityMappingPolicy": { "azureSourceAnchorAttribute": "mS-DS-ConsistencyGuid", "userPrincipalNameAttribute": "mail", "userMatchingPolicy": "AlwaysProvision" },
AAD Connect Provisioning Agent is installed on server 2 and no configuration was requested, so I suppose it is using the same configuration as Azure AD Connect on server 1, stored (?) in Azure AD.
In the Azure AD Connect cloud sync page I can select myDomain.local and at step 2 I can modify the mapping.
userPrincipalName rule is the default one:
IIF(IsPresent([userPrincipalName]), [userPrincipalName], IIF(IsPresent([sAMAccountName]), Join("@", [sAMAccountName], %DomainFQDN%), Error("AccountName is not present")))
while I would expect to find the mail field here.
Besides, I wonder if I could simply change %DomainFQDN% to publicDomain.com in order to map users correctly. Anyway, I'm not going to try this because Azure AD is working fine now and I don't want to break it.
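To see why users land in the onMicrosoft.com domain, the following added example (not from the post or from Microsoft) simulates the default cloud sync userPrincipalName rule quoted above next to a mail-based rule, and a simplified model of the tenant check that replaces an unverified UPN suffix with the tenant's default onmicrosoft.com domain. The domain names, the sample user and the helper functions are constructed for illustration.

```python
"""Simulate the cloud sync UPN mapping rule and the tenant's verified-domain
check.  Added example, not from the original post; the domains, the sample
user and the fallback model are illustrative, not Microsoft's implementation."""

ONMICROSOFT = "publicDomain.onmicrosoft.com"                  # constructed tenant default
VERIFIED_DOMAINS = {"publicdomain.com", ONMICROSOFT.lower()}  # constructed verified list


def is_present(value):
    """Model of IsPresent(): the attribute exists and is non-empty."""
    return value is not None and value != ""


def default_upn_rule(user, domain_fqdn):
    """The default rule quoted in the question:
    IIF(IsPresent([userPrincipalName]), [userPrincipalName],
        IIF(IsPresent([sAMAccountName]), Join("@", [sAMAccountName], %DomainFQDN%),
            Error("AccountName is not present")))"""
    if is_present(user.get("userPrincipalName")):
        return user["userPrincipalName"]
    if is_present(user.get("sAMAccountName")):
        return "@".join([user["sAMAccountName"], domain_fqdn])
    raise ValueError("AccountName is not present")


def mail_upn_rule(user, domain_fqdn):
    """Hypothetical alternative: prefer the mail attribute (the same idea as the
    Azure AD Connect setting userPrincipalNameAttribute = mail), else fall back."""
    if is_present(user.get("mail")):
        return user["mail"]
    return default_upn_rule(user, domain_fqdn)


def cloud_upn(proposed_upn):
    """Model of the tenant side: a UPN whose suffix is not a verified domain is
    created under the tenant's onmicrosoft.com domain instead."""
    local_part, _, suffix = proposed_upn.rpartition("@")
    if suffix.lower() in VERIFIED_DOMAINS:
        return proposed_upn
    return f"{local_part}@{ONMICROSOFT}"


# Constructed sample user from myDomain.local
USER = {"sAMAccountName": "nsurname",
        "userPrincipalName": "nsurname@myDomain.local",
        "mail": "n.surname@publicDomain.com"}

if __name__ == "__main__":
    for rule in (default_upn_rule, mail_upn_rule):
        proposed = rule(USER, "myDomain.local")
        print(f"{rule.__name__}: {proposed} -> {cloud_upn(proposed)}")
```

With the default rule the proposed UPN keeps the myDomain.local suffix, which is not verifiable in the tenant, so the user is created under publicDomain.onmicrosoft.com; the mail-based rule yields a suffix that is verified and is kept.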