Hello @Stephen Norman,
- Out of the box, on-premises users will get synced to Azure AD and conflicts may arise for things like duplicated UPN or SMTP ProxyAddress but **Azure AD/Exchange Online users or passwords should not be updated since there won't be an immediate match between on-premises and cloud users.**
- It's possible to sync several on-premises AD domains with one Azure AD. In your case, it sounds like a single Exchange login is shared by on-premises users from different forests (root on-premises AD). You can update the on-premises users so that they are matched against the same cloud user. For more information take a look at Multiple forests: full mesh with optional GALSync.
These are the recommended steps to follow in your scenario:
- Set mail attributes for users of on-premises AD #1.
- Use SMTP matching to do the very first sync. You should not run this again.
- Switch to Multiple forests: full mesh with optional GALSync topology so that users across all on-premises are matched as a single identity.
After this **you will be able to sign in to Exchange Online and other Azure AD-backed SaaS using any on-premises user.**
Let us know if this answer was helpful to you or if you need additional assistance. If it was helpful, please remember to accept it and complete the quality survey so that others in the community with similar questions can more easily find a rated solution.
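
A pre-sync check for the steps above, as an added example that is not part of the original answer and not Microsoft's code. It models SMTP matching in simplified form (primary address taken from `proxyAddresses`, falling back to `mail`, which is an assumption of this sketch) over constructed sample accounts, and reports how many on-premises candidates each cloud user has.

```powershell
# Constructed sample data (all names and addresses are made up). In practice the
# on-premises rows would come from Get-ADUser -Properties mail,proxyAddresses per forest.
$onPrem = @(
    [pscustomobject]@{ Forest='forest1.example'; Sam='alice';  Mail='shared@contoso.example'; ProxyAddresses=@('SMTP:shared@contoso.example') }
    [pscustomobject]@{ Forest='forest2.example'; Sam='asmith'; Mail='shared@contoso.example'; ProxyAddresses=@('smtp:asmith@forest2.example','SMTP:shared@contoso.example') }
    [pscustomobject]@{ Forest='forest1.example'; Sam='bob';    Mail=$null;                    ProxyAddresses=@() }
    [pscustomobject]@{ Forest='forest1.example'; Sam='carol';  Mail='carol@contoso.example';  ProxyAddresses=@() }
)
$cloud = @(
    [pscustomobject]@{ Upn='shared@contoso.example'; PrimarySmtp='shared@contoso.example' }
    [pscustomobject]@{ Upn='carol@contoso.example';  PrimarySmtp='carol@contoso.example' }
    [pscustomobject]@{ Upn='dave@contoso.example';   PrimarySmtp='dave@contoso.example' }
)

function Get-PrimarySmtp {
    param($User)
    # The primary address is the proxyAddresses entry with an upper-case "SMTP:" prefix.
    $primary = $User.ProxyAddresses | Where-Object { $_ -clike 'SMTP:*' } | Select-Object -First 1
    if ($primary)   { return $primary.Substring(5).ToLowerInvariant() }
    if ($User.Mail) { return $User.Mail.ToLowerInvariant() }   # assumed fallback
    return $null
}

# Index on-premises accounts by the address they would present for matching.
$byAddress = @{}
foreach ($u in $onPrem) {
    $addr = Get-PrimarySmtp $u
    if (-not $addr) { Write-Warning "$($u.Forest)\$($u.Sam) has no mail attribute set"; continue }
    if (-not $byAddress.ContainsKey($addr)) { $byAddress[$addr] = @() }
    $byAddress[$addr] += "$($u.Forest)\$($u.Sam)"
}

$report = foreach ($c in $cloud) {
    $key  = $c.PrimarySmtp.ToLowerInvariant()
    $hits = @(if ($byAddress.ContainsKey($key)) { $byAddress[$key] })
    $status = switch ($hits.Count) {
        0       { 'NoOnPremMatch' }        # cloud user stays untouched
        1       { 'SmtpMatchCandidate' }   # one on-premises account carries this address
        default { 'DuplicateAddress' }     # several accounts share it: the conflict case
    }
    [pscustomobject]@{ CloudUser=$c.Upn; Status=$status; OnPremAccounts=($hits -join ', ') }
}
$report | Format-Table -AutoSize
```

With this sample data, `shared@contoso.example` is reported as `DuplicateAddress` (one account in each forest), `carol` as `SmtpMatchCandidate`, `dave` as `NoOnPremMatch`, and `bob` triggers the missing-mail warning.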