How to configure SSO to work with Office 365

We have Office 365 E3 with roughly 100 users. We recently added a domain to start managing accounts. We would like to set up Federation Services and take advantage of single sign-on and synchronize AD with Office 365. Right now users are using their email addresses to sign on to OWA. The email/login format for 365 is [first name].[first letter of lastname]@domain.com and the internal AD usernames are formatted as [first name][first 2 letters of lastname]@domain.com.

If we start the sync and configure SSO, will having the different username formats cause problems? If so, would it be best to change the username format on AD or 365 (without changing the email address)?

Any help is greatly appreciated.
menreeq Asked:

north_ Commented:
You will run into issues.
The UPNs must match on both sides.
You can change the UPNs in the AD to match what already exists in Office 365.

After that you should be able to synchronize everything without sign on issues.
0
Vasil Michev (MVP) Commented:
Once you start dirsync, it _should_ update the UPNs of the cloud users to match the local ones. In practice, this almost never happens, so you will have to update them in the cloud (fastest way is using PowerShell's Set-MSOLUserPrincipalName cmdlet). It will match them the first time, but then creates an immutableID and things go a bit downhill :)

When you have AD FS up and running, it doesn't really matter what the UPN is. If you set everything up correctly, users will only be prompted once in Outlook (basic auth stuff there). All other Office 365 related services will be accessible with no prompt and the users will not even notice their username. Only if they have to log in outside of the domain environment will they have to provide a username (and this is one of the reasons people keep the UPNs in O365 matching the on-prem ones).

The primary SMTP can be different ofc, no problems there.
0

menreeq (Author) Commented:
I got in touch with Microsoft and we were able to get the AD sync going with no problem. The only prereqs before synchronizing were that the email field be populated, and that the proxyaddress matched the primary SMTP address of the account. All the accounts synced with no issues, with the exception that the primary SMTP address is now username@domain.onmicrosoft.com instead of just username@domain.com. Currently mail is being received and sent, but I will want to change the primary SMTP address soon.

Also, we still have not deployed SSO, right now we only have AD attributes synchronizing.
0

Vasil Michev (MVP) Commented:
Do you have the domain verified with Office 365?  In principle it should 'link' the accounts based on the UPN and/or the primary SMTP. Anyway, you can easily change the primary SMTP in the cloud by using:

Set-Mailbox username -WindowsEmailAddress user@domain.com

This command will work even on synchronized users.
0
menreeq (Author) Commented:
Also as a side note, proxyaddress should have SMTP: in front of it, and SMTP: must be in capitals.
0
menreeq (Author) Commented:
Answered my own question but this response pointed me in the right direction.
0
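
An added example, not part of the original thread: a PowerShell pre-sync audit of the attributes discussed above (mail populated, one primary proxy address with an uppercase SMTP: prefix that matches mail, and the on-prem UPN compared with the sign-in address). The function name Test-SyncReadiness and the sample accounts are hypothetical, and the UPN check assumes users sign in to Office 365 with their mail address, as the question describes.

```powershell
# Added example: audit AD user attributes before starting directory sync.
# Input objects need UserPrincipalName, mail and proxyAddresses, e.g. from
#   Get-ADUser -Filter * -Properties mail,proxyAddresses
function Test-SyncReadiness {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    process {
        $issues = @()

        # Prerequisite from the thread: the email field must be populated.
        if ([string]::IsNullOrWhiteSpace($User.mail)) {
            $issues += 'mail attribute is empty'
        }

        # Case-sensitive match: 'SMTP:' marks the primary address, 'smtp:' an alias.
        $primary = @($User.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' })
        if ($primary.Count -ne 1) {
            $issues += "expected 1 primary SMTP: entry, found $($primary.Count)"
        }
        elseif ($User.mail -and $primary[0].Substring(5) -ne $User.mail) {
            $issues += 'primary SMTP: proxy address differs from mail'
        }

        # Assumption: the Office 365 sign-in name equals the mail address.
        if ($User.mail -and $User.UserPrincipalName -ne $User.mail) {
            $issues += 'UPN differs from mail address'
        }

        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            Ready             = ($issues.Count -eq 0)
            Issues            = $issues -join '; '
        }
    }
}

# Constructed sample data (not real accounts), in the formats from the question.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'jane.d@domain.com'; mail = 'jane.d@domain.com'; proxyAddresses = @('SMTP:jane.d@domain.com') }
    [pscustomobject]@{ UserPrincipalName = 'johnsm@domain.com'; mail = 'john.s@domain.com'; proxyAddresses = @('smtp:john.s@domain.com') }
    [pscustomobject]@{ UserPrincipalName = 'amyle@domain.com';  mail = $null;               proxyAddresses = @() }
)
$sample | Test-SyncReadiness | Format-Table -AutoSize -Wrap
```

Only the first sample account reports Ready; the second is flagged for a lowercase smtp: prefix and a UPN mismatch, the third for an empty mail attribute and no primary address.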