Solved

Clarification on requirements to sync .local AD domain to Azure AD using the  AD connect tool

Posted on 2016-10-13
3
28 Views
Last Modified: 2016-10-13
We are undergoing the process of moving to an Office 365 solution from a single 'domain'.local  domain. I have already validated our routable 'domain'.com domain.
We are about to install Azure AD Connect to synchronize user accounts to our Azure AD presence. I understand that AD UPN's must use a routable domain and that as changing our primary AD domain (from .local) is not an action we want to take there is an option to update as following;

1) Add 'domain.com' as an Alternate UPN suffix (Domains & Trusts - applied only at new account creation)
2) Change the UPN suffix for existing users (to the routable 'domain'.com), or
3) Use PowerShell to change the UPN suffix for all users.

My questions are;
1) Has anyone used this, or another process
2) What has been the positive (or negative) experience
3) What are the risks involved

My challenge is that as Microsoft have changed the tools for synchronizing (eg from DirSync etc) it is difficult to find consistent and relevant information.

Thanks in advance.
0
Comment
Question by:agradmin
  • 2
3 Comments
 
LVL 21

Accepted Solution

by:
Joseph Moody earned 500 total points
Comment Utility
1. Yes - this is the normal way of handling this.

2. Use powershell to automate this. Either change the default UPN for your domain to your public one or setup a scheduled task to check for users without your public UPN and to change it.

3. Little or none (of course, test this out with a smaller set of users before rolling it out company wide).
0
 

Author Comment

by:agradmin
Comment Utility
Thanks for the prompt response Joseph - now I can rest a bit easier :-)
0
 

Author Closing Comment

by:agradmin
Comment Utility
I appreciate the prompt and thorough response!
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Monitoring systems evolution, cloud technology benefits and cloud cost calculators business utility.
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now