asked on 3/16/2016

Azure AD connect using the wrong domain on sync

Hi,

I've got Office 365 setup for a primary school I support and I want to utilise AAD connect to initially sync passwords but eventually look into SSO using ADFS.

However after going through the installation and doing my first sync with a test account, the wrong domain is selected. Instead of user@domain.something.something, the account created in Office 365 is user@domain.onmicrosoft.com??

The correct domain is setup within Office 365 as the school have been using it for some time.

Please can you advise?

Thanks

Azure Microsoft 365

Last Comment

ICTIC

4/15/2016

Vasil Michev (MVP)

3/16/2016

If the domain is verified in O365, check whether you have proper UPN configured for the user in question. There are certain characters that are acceptable on-prem but will be ignored in O365. And if the UPN gets ignored, the SamAccountName plus the default onmicrosoft.com will be used instead.

ICTIC

3/17/2016

ASKER

Thanks Vasil

Will have a look and come back to you.

ICTIC

4/11/2016

ASKER

Hi

The UPN of our users does contain numbers but no other special characters?

Would that be a problem?

Thanks

Vasil Michev (MVP)

4/11/2016

That should not be the problem. The allowed UPN values can be found for example in this article: https://support.office.com/en-us/article/Prepare-to-provision-users-through-directory-synchronization-to-Office-365-01920974-9e6f-4331-a370-13aea4e82b3e?ui=en-US&rs=en-US&ad=US&fromAR=1

ICTIC

4/11/2016

ASKER

Does the UPN have to be the same as the Office 365 UPN?

For example does my AD user need a UPN of test@school.sch.uk to match the Office 365 domain (school.sch.uk)?

Currently my local ad domain is school.internal??

Thanks

Vasil Michev (MVP)

4/11/2016

If you use .local or similar, it will be replaced with @domain.onmicrosoft.com. Same will happen for any UPN suffix that does not correspond to domain you have verified in O365.

ICTIC

4/11/2016

ASKER

OK, so what do I do here (best practice) as for this site and others I manage, the local AD domain is often <name>.internal and the office 365 domain is always <name>@<organisation>.county.sch.uk?

I could perhaps still verify the .internal domain in Office 365 but I still want the email/login of the Office 365 user to be <name>@<organisation>.county.sch.uk? How would this work?

I could manually change the domain once they are synced but I don't know if this would cause further issues?

Finally I thought I could provide an alternative local domain suffix as discussed here: https://community.office365.com/en-us/f/613/t/284307

Thank you for your help thus far

ASKER CERTIFIED SOLUTION

Vasil Michev (MVP)

4/11/2016

THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.

View this solution by signing up for a free trial.

Members can start a 7-Day free trial and enjoy unlimited access to the platform.

See Pricing Options

Start Free Trial

ICTIC

4/12/2016

ASKER

Thanks Vasil, for clarifying.

I think I will go with changing the UPNs locally to keep it automated, is there ay consequence to doing this?

Then I think I am good to go :-)

ICTIC

4/15/2016

ASKER

Resolved following advice from Vasil