MSP created "company.local" then linked AD Sync to Azure Cloud (company.onmicrosoft.com) instead of our Default Domain name, "company.com". Now everything is messed up. How do I fix it?

Wamphyri 1 Reputation point
2023-01-03T21:07:44.75+00:00

After a cybersecurity event, we hired an MSP to assist with clean up and the set-up of a new network. Since there were many competing priorities, I allowed them to set up the new forest. I created the network architecture and disseminated a blueprint of what I needed done. At the time, our on-premises AD and domain name were the same. I asked that they create a "company.local" domain and separate them, then link the AD Connect to Microsoft 365 (our Default domain), "company.com".
Instead of doing what was asked, they created a "company.local", but DNS says the domain is non-existent and instead of setting up the sync to our default domain, they set it to sync with Azure Cloud. Now everything is sending errors and there are several orphaned groups and users that are no longer in the on-premises AD. Some (like Distro groups) are easy to fix, but there are too many errors to keep trying to fix it.
I have Server 19 on-premises and the forest level is Server 16. It is a small business with 90 users and roughly 200 Windows devices / 150 Android devices. We migrated to 365 at the beginning of 2022. We are using Exchange Online and all endpoints are Windows 11.
Is there a way to fix the sync engine so that it points to the default domain or would that just cause more problems at this point?


2 answers

  1. Thameur-BOURBITA 32,501 Reputation points
    2023-01-03T22:51:37.21+00:00

    Hi,

    If they created a domain "company.local" instead of "company.com" it's not a problem. You can fix it by adding an additional UPN suffix "company.com" in your on-premises AD. The link below can help you:

    Prepare-a-non-routable-domain-for-directory-synchronization

    Check also if your domain name is configured in azure based on the following link:

    Add your custom domain name using the azure active directory portal

    Please don't forget to mark the helpful reply as the answer.

    1 person found this answer helpful.
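The procedure in the answer above, as an added PowerShell example that is not part of the original answer: register "company.com" as an alternative UPN suffix on the forest, rewrite the UPN of every enabled user still carrying "company.local", and confirm in the tenant (via Microsoft Graph PowerShell) that "company.com" is a verified custom domain before the next Azure AD Connect sync cycle. The two domain names come from the question; the use of `-WhatIf` as a dry run, the Graph scope, and the commented-out delta sync are assumptions about how an administrator would run this.

```powershell
# Added example, not from the original answer. Assumes the forest root is
# company.local and the tenant's verified custom domain is company.com, as
# described in the question. Run on a domain-joined admin workstation with
# the ActiveDirectory RSAT module and Microsoft.Graph module installed,
# as an Enterprise Admin (needed for Set-ADForest).
Import-Module ActiveDirectory

$OldSuffix = 'company.local'
$NewSuffix = 'company.com'

# 1. Add company.com as an alternative UPN suffix on the forest, if missing.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest.Name -UPNSuffixes @{ Add = $NewSuffix }
    Write-Host "Added UPN suffix $NewSuffix to forest $($forest.Name)"
}

# 2. Rewrite the UPN of every enabled user still on the non-routable suffix.
#    Azure AD Connect matches on-premises users to cloud users by UPN by
#    default, so users left on company.local will keep showing as orphaned
#    in Microsoft 365. -WhatIf prints the intended change without applying it;
#    remove it once the list looks right.
$pattern = "*@$OldSuffix"
$users = Get-ADUser -Filter { UserPrincipalName -like $pattern -and Enabled -eq $true } `
                    -Properties UserPrincipalName
foreach ($u in $users) {
    $localPart = ($u.UserPrincipalName -split '@')[0]
    $newUpn    = "$localPart@$NewSuffix"
    Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf
}
Write-Host "$($users.Count) user(s) still had a $OldSuffix UPN"

# 3. Confirm the custom domain is present and verified in the tenant.
#    Domain.Read.All is the least-privilege Graph scope for this check.
Connect-MgGraph -Scopes 'Domain.Read.All'
$domain = Get-MgDomain -DomainId $NewSuffix -ErrorAction SilentlyContinue
if (-not $domain) {
    Write-Warning "$NewSuffix is not added to the tenant; add it in Azure AD > Custom domain names first."
} elseif (-not $domain.IsVerified) {
    Write-Warning "$NewSuffix is added but not verified; complete the TXT/MX verification before syncing."
} else {
    Write-Host "$NewSuffix is verified in the tenant"
}

# 4. On the Azure AD Connect server, once the UPNs are really changed
#    (step 2 without -WhatIf), push the changes with a delta sync:
# Import-Module ADSync; Start-ADSyncSyncCycle -PolicyType Delta
```

Run step 2 with `-WhatIf` first and review the output; if any user was matched in the cloud by something other than UPN (for example a soft-match on proxyAddresses), changing the UPN can create a second object instead of updating the existing one, so check the Azure AD Connect export errors after the first delta sync rather than assuming a clean run.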

  2. Limitless Technology 43,931 Reputation points
    2023-01-04T13:17:52.857+00:00

    Hello there,

    We can use a canonical name record (CNAME) to map one domain or subdomain name to another domain.

    All you need is an IIS server running inside the domain.

    Setup CNAME in DNS to point to the IIS server, using host names in IIS to resolve several sites on a single IIS server.

    Hope this resolves your query!

    --If the reply is helpful, please Upvote and Accept it as an answer--

    1 person found this answer helpful.