Clarification on requirements to sync .local AD domain to Azure AD using the AD connect tool

We are undergoing the process of moving to an Office 365 solution from a single 'domain'.local domain. I have already validated our routable 'domain'.com domain.
We are about to install Azure AD Connect to synchronize user accounts to our Azure AD presence. I understand that AD UPNs must use a routable domain and that, as changing our primary AD domain (from .local) is not an action we want to take, there is an option to update as follows:

1) Add 'domain.com' as an Alternate UPN suffix (Domains & Trusts - applied only at new account creation)
2) Change the UPN suffix for existing users (to the routable 'domain'.com), or
3) Use PowerShell to change the UPN suffix for all users.

My questions are:
1) Has anyone used this, or another process?
2) What has been the positive (or negative) experience?
3) What are the risks involved?

My challenge is that, as Microsoft have changed the tools for synchronizing (e.g. from DirSync etc.), it is difficult to find consistent and relevant information.

Thanks in advance.
Asked by agradmin
 
Joseph Moody (Blogger and wearer of all hats) commented:
1. Yes - this is the normal way of handling this.

2. Use PowerShell to automate this. Either change the default UPN for your domain to your public one or set up a scheduled task to check for users without your public UPN and to change it.

3. Little or none (of course, test this out with a smaller set of users before rolling it out company-wide).
0
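The PowerShell approach from the answer above, as an added example that is not part of the original post: it registers the routable suffix, then changes UPNs for a pilot OU only, dry-run by default, skipping collisions and logging old/new values for rollback. The suffixes are the question's placeholders; the OU path, log path and `$Apply` switch are assumptions, and the script assumes a single-domain forest and UPNs without LDAP filter metacharacters.

```powershell
#Requires -Modules ActiveDirectory
# Assumed values: replace with your own. OU and log paths are hypothetical.
$OldSuffix  = 'domain.local'
$NewSuffix  = 'domain.com'
$SearchBase = 'OU=PilotUsers,DC=domain,DC=local'  # small test set first
$LogPath    = '.\upn-change-log.csv'              # old/new pairs for rollback
$Apply      = $false                              # set to $true to write changes
$whatIf     = -not $Apply

# Register the routable suffix as an alternate UPN suffix if it is missing.
if ((Get-ADForest).UPNSuffixes -notcontains $NewSuffix) {
    Get-ADForest | Set-ADForest -UPNSuffixes @{Add = $NewSuffix} -WhatIf:$whatIf
}

# Users in the pilot scope that still carry the non-routable suffix.
$users = Get-ADUser -SearchBase $SearchBase -Filter "UserPrincipalName -like '*@$OldSuffix'"

$results = foreach ($u in $users) {
    $newUpn = ($u.UserPrincipalName -split '@')[0] + '@' + $NewSuffix

    # A UPN must be unique; skip the user if the target value is already taken.
    $clash = Get-ADUser -LDAPFilter "(userPrincipalName=$newUpn)"
    if ($clash) {
        $status = "Skipped: UPN already used by $($clash.SamAccountName)"
    } else {
        try {
            Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf:$whatIf -ErrorAction Stop
            $status = if ($Apply) { 'Changed' } else { 'DryRun' }
        } catch {
            $status = "Failed: $($_.Exception.Message)"
        }
    }

    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        OldUpn         = $u.UserPrincipalName
        NewUpn         = $newUpn
        Status         = $status
    }
}

# Keep the mapping so every change can be reviewed or reverted.
$results | Export-Csv -Path $LogPath -NoTypeInformation
$results | Group-Object Status | Select-Object Name, Count
```

Review the CSV from the dry run before setting `$Apply = $true`, and widen `$SearchBase` only after the pilot users have signed in successfully.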
 
agradmin (author) commented:
Thanks for the prompt response Joseph - now I can rest a bit easier :-)
0
 
agradmin (author) commented:
I appreciate the prompt and thorough response!
0
Question has a verified solution.