![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 87%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
25,081 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
@Angela McLaughlin | NCTCS There are multiple reasons for user syncing with UPN suffix ".onmicrosoft.com". Say for example you have local on-premises domain as contoso.local. You need to have contoso.local as verified domain in Azure AD. Now, say you have added contoso.com as verified domain in Azure AD. If you are syncing the user as contoso.local to Azure AD from on-premises, then the UPN suffix will get set as ".onmicrosoft.com". Because you don't have contoso.local as verified domain in Azure AD. Instead, you have "contoso.com" as verified domain. To fix the above scenario you can follow the document as below, https://learn.microsoft.com/en-us/microsoft-365/enterprise/prepare-a-non-routable-domain-for-directory-synchronization?view=o365-worldwide There are multiple reasons on how UPN is populated in Azure AD. You can refer below article to know more about this, https://learn.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-userprincipalname Let me know if you have any further questions. Please "Accept the answer" if the information helped you. This will help us and others in the community as well.