Asked by Alan Duck

Creating a hybrid system between Microsoft Azure and an on-site Microsoft Server 2019 domain

I am about to set about merging our Azure account with our on-site domain controller, which is a 2019 server.
Just wondered if anyone has successfully done this and has pointers on what order to do this procedure in, and its time scale.
Tags: Microsoft, Active Directory, Azure

DEMAN-BARCELO (MVP) Thierry

What do you mean exactly?

You can have a domain controller synchronized in a VM in Azure. But I don't think that is what you mean.

Another way to use domain accounts in Azure consists of synchronizing AD accounts to Azure AD with AD Connect.
You can synchronize users and groups from AD to Azure AD, and then use these groups/users in Azure.

Alan Duck (asker)

After reading a few MS documents, what we will go for is to sync the on-site domain and the Azure accounts so all users just have one logon, preferably their email address.

Yes, that is done by Microsoft AD Connect.
Ideally, you just have to change the UPN (UserPrincipalName) of users to be identical to their email address.

On Azure AD, the ideal is UPN = main email = SIP (Teams).

Now, for Azure, you have to choose a "sign-in" mode during AD Connect installation.
- It can be "PHS", "PTA", "ADFS" or other (nothing = password managed in Azure AD).
PHS = the hash of the password is synchronized from AD (the same password can be used in Azure AD).
PTA = when connecting to Azure AD, an agent from AD/your network will authenticate you.
ADFS = probably too complicated. You must install 2 to 4 servers to manage that, buy a certificate, etc.


That can be done using Azure AD Connect.  Here's an article about how to set it up:

Azure AD Connect: Step-By-Step Instructions (bemopro.com) 

Here's the download:

Download Microsoft Azure Active Directory Connect from Official Microsoft Download Center 

Microsoft recommends using a separate server to run/manage ADConnect.  I suppose it depends on the size of your organization whether you would need anything more than that.

Alan Duck (asker)

I will run this on the server. Is it best setting it up out of hours, or doesn't it matter? Have you tried it, Hypercat?
Alan Duck (asker)

Deman-Barcelo, yes, the email address is the same on the Azure domain and the local domain.
At present they log in using domain\username, but we want to change to the email address.

If you have a limited number of users, you can install and run it from a domain controller.
There should not be any reboot.

AD Connect installs services that synchronize every 30 minutes by default.
Users, groups and contacts in the organizational units that you select are synchronized.
Alan Duck (asker)

I will keep you updated.

Set up doesn't interfere with any other normal operations.  Setting it up during normal working hours would be fine.
Jeff Glover

Just curious here. When you say you log in with domain\username, this is, of course, internally. Are you saying you want to log on with the UPN internally, like user@domain.com? You can always log on to a machine internally with the UPN. Just enter it in the username field. You don't need integration with Azure AD for that. (I assume you are talking about Azure AD and not real Azure. They are two different things altogether.) However, if you are using Microsoft 365 resources like Teams or Exchange Online, AAD Connect is an absolute necessity in my opinion. And it can be set up anytime. It is not disruptive to your network or Microsoft 365 as long as you follow the installation guidance in Office 365.

"yes the email address is the same on the azure domain and the local domain."
Take care that with AD Connect, if the account has the same UPN/email address in AD and Azure AD, AD properties will replace Azure AD properties, including the password to use if you choose to activate PHS.
Alan Duck (asker)

Yes, the domain\username is internal to the local server, and we are looking to do away with it and replace it with the email address.
Alan Duck (asker)

I will watch for that, thanks.

Alan Duck (asker)

We are planning to complete this between Friday afternoon and Saturday, when there will be no users accessing either system.
Alan Duck (asker)

Ran the Azure Connect; it works fine. Now moving on to enabling and setting up Azure single sign-on.
If anyone has any experience, advice would be welcome.

What are your users signing in to in the cloud?  If you're using it for sign in to other Microsoft cloud services such as Office 365, you wouldn't have to do anything else other than license the Azure user accounts for those services.  Their account sign-ons (in terms of user name as well as password) would automatically be synchronized between Azure and your on-site Active Directory.
Alan Duck (asker)

Office 365 is the main one. What I am trying to achieve is that when they log in using their email address, it gives them access to the 365 account and logs them on to the domain server.
With that we can control the password changes on the Azure Active Directory.

You have 2 possibilities:
- PTA: pass-through authentication
- PHS: synchronization of the hash of the password.

Note that PHS can also be selected and used as a possible backup for authentication when PTA is configured.
It adds more security on the passwords, because Azure AD can verify if these passwords have been compromised.

PTA works with agent(s) which validate the connection requests that come to Azure AD.
(By default, the first agent is installed automatically on AD Connect when you choose the PTA sign-in mode. At least one agent should be installed on another server.)
So with PTA, it's finally AD that validates the sign-ins on Azure AD/Office 365.

With PHS, it's Azure AD that validates the user sign-in directly.


You're probably already thinking along these lines, but depending on how your user logins are configured in Active Directory, you may have to change them if you want them to log on using their email address.  Most commonly, the user logins in AD are not the same as the user email address.  If they are the same, then you're golden as far as that goes.  If they're not, you need to change it to match their email address name. For example, if my name is Jim Winter, my logon is JWinter, but my email address is Jim_Winter, then you'd have to change the logon name to Jim_Winter.  Or vice versa of course. 
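The UPN-equals-email point made in Thierry's reply above and in this one is the part most often left half done, so here is an added example (not code from the thread or from Microsoft) that audits and, on request, aligns every enabled user's UPN with their primary SMTP address. It assumes the RSAT ActiveDirectory module, a placeholder OU `OU=Users,DC=corp,DC=example,DC=com`, and an account allowed to write userPrincipalName; run it without `-Apply` first to get a report only.

```powershell
# Added example, not from the thread: report users whose userPrincipalName
# differs from their primary SMTP address and optionally align them.
# Assumptions: RSAT ActiveDirectory module is installed; the OU below is a
# placeholder; the caller may write userPrincipalName on those users.
#Requires -Modules ActiveDirectory
param(
    [string]$SearchBase = 'OU=Users,DC=corp,DC=example,DC=com',  # placeholder OU
    [switch]$Apply   # without -Apply nothing is changed, only reported
)

Import-Module ActiveDirectory

# Suffixes AD will accept in a UPN: every forest domain plus any added suffix.
$forest = Get-ADForest
$validSuffixes = @($forest.Domains) + @($forest.UPNSuffixes)

$users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
    -Properties mail, userPrincipalName, proxyAddresses

$report = foreach ($u in $users) {
    # Primary SMTP address is the proxyAddresses entry with upper-case "SMTP:";
    # fall back to the mail attribute when proxyAddresses is not populated.
    $primary = ($u.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' } |
        Select-Object -First 1) -replace '^SMTP:', ''
    if (-not $primary) { $primary = $u.mail }
    if (-not $primary) { continue }   # nothing to align with; skip the user

    $suffix = ($primary -split '@', 2)[1]
    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        CurrentUPN     = $u.UserPrincipalName
        TargetUPN      = $primary
        Mismatch       = ($u.UserPrincipalName -ne $primary)
        SuffixKnown    = ($validSuffixes -contains $suffix)
    }
}

# Report: only the users that would change.
$report | Where-Object { $_.Mismatch } | Format-Table -AutoSize

if ($Apply) {
    foreach ($r in ($report | Where-Object { $_.Mismatch })) {
        if (-not $r.SuffixKnown) {
            # AD rejects a UPN whose suffix is not registered on the forest.
            # The suffix must also be a verified domain in Azure AD, otherwise
            # Azure AD Connect substitutes the tenant's *.onmicrosoft.com suffix.
            Write-Warning ("{0}: suffix of {1} is not a forest UPN suffix; " +
                "add it first with Set-ADForest -UPNSuffixes @{{Add='<suffix>'}}" -f
                $r.SamAccountName, $r.TargetUPN)
            continue
        }
        Set-ADUser -Identity $r.SamAccountName -UserPrincipalName $r.TargetUPN
        Write-Host "Set UPN for $($r.SamAccountName) to $($r.TargetUPN)"
    }
}
```

Two checks the thread does not spell out: the suffix has to exist both as a forest UPN suffix and as a verified domain in the Azure AD tenant, and changing a UPN after the first sync is safe only because Azure AD Connect matches on the immutable source anchor rather than on the UPN. Existing sessions are unaffected; the user simply signs in with the new name from then on.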
Alan Duck (asker)

I have gone through the setup process as per the MS document. The email addresses we use are first.lastname@domain,
and most of the users are domain\first.lastname.
The ones that are on the old users can be easily changed.
The issue I have: I have set up password writeback and double-checked, but the Azure on-premises integration says writeback isn't enabled.

Do you have Microsoft Business Premium or Azure AD Premium?  This article says that password write-back is a feature of these licenses only:

License self-service password reset - Azure Active Directory | Microsoft Docs 
Alan Duck (asker)

Yes, the Azure Active Directory says the license is a Premium P1, as we have an Office 365 Business Premium license,
and that's part of the license.
Alan Duck (asker)

What I have noticed is that when I check the Azure AD Connect on the domain server, the user password writeback is still disabled. I have been over the settings several times and can't see why the password writeback and the device writeback are enabled.
Anyone had this issue?

Hi,

Are you sure that the account defined to connect to AD has all the delegated/needed permissions?
If in any doubt about the needed permissions, you can try putting this account in the group "Enterprise Admins".

You can look in the ADSync events on the AD Connect server; you will find more information about the setting of password writeback (success or failed).
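For the PHS/PTA choice described a few replies up and for the writeback check Thierry suggests here, it helps to ask the AD Connect server what it actually has configured rather than re-reading the wizard. This is an added example (not from the thread, not Microsoft's own script) to be run in an elevated PowerShell on the Azure AD Connect server; it assumes the ADSync module that ships with AD Connect, that the Azure AD connector follows the usual "<tenant>.onmicrosoft.com - AAD" naming, and that writeback events appear in the Application log under the "ADSync" and "PasswordResetService" sources (both assumptions from my own installs).

```powershell
# Added example, not from the thread: state check on the Azure AD Connect
# server. Assumes the ADSync module (installed with AD Connect), local admin
# rights, the "* - AAD" connector naming convention and the event sources
# named below; run in an elevated PowerShell on the AD Connect server.
Import-Module ADSync

# 1. Sync scheduler: the 30-minute default interval and whether sync is on.
Get-ADSyncScheduler |
    Select-Object AllowedSyncCycleInterval, CurrentlyEffectiveSyncCycleInterval,
                  SyncCycleEnabled, NextSyncCycleStartTimeInUTC

# 2. Tenant features negotiated by AD Connect; PasswordHashSync shows whether
#    PHS is on (either as the sign-in method or as the backup behind PTA).
Get-ADSyncAADCompanyFeature

# 3. Password writeback is a per-connector setting on the Azure AD connector.
#    Assumption: the AAD connector name ends in " - AAD" (the installer default).
$aadConnector = Get-ADSyncConnector | Where-Object { $_.Name -like '* - AAD' }
if (-not $aadConnector) {
    throw 'Azure AD connector not found; list names with Get-ADSyncConnector'
}
Get-ADSyncAADPasswordResetConfiguration -Connector $aadConnector.Name

# 4. Which AD account the on-premises connector uses. This is the account
#    whose delegated rights matter for writeback, whatever it was set to
#    in the wizard. Guarded because older builds lack the cmdlet.
if (Get-Command Get-ADSyncADConnectorAccount -ErrorAction SilentlyContinue) {
    Get-ADSyncADConnectorAccount
}

# 5. Writeback-related events from the last day. Assumption: the sources
#    'ADSync' and 'PasswordResetService' in the Application log.
Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = @('ADSync', 'PasswordResetService')
    StartTime    = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'writeback|password reset' } |
    Select-Object TimeCreated, Id, ProviderName, LevelDisplayName, Message |
    Format-List
```

If step 3 reports writeback disabled although the wizard shows it ticked, the documented way to flip it from the same session is `Set-ADSyncAADPasswordResetConfiguration -Connector $aadConnector.Name -Enable $true`, followed by restarting the ADSync service. Step 4 is the account to check before reaching for Enterprise Admins: Microsoft's writeback requirements for that account are a short list of delegated rights on the user objects (reset password, change password, and write access to lockoutTime and pwdLastSet), which is far narrower than forest-wide admin and keeps the AD Connect server from becoming a domain-takeover pivot if it is compromised.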

Alan Duck (asker)

The user I am using is the domain Administrator.
I will have a look at the ADSync events.

ASKER CERTIFIED SOLUTION
Alan Duck