if we already have an azure presence, can we still use Entra Connect to sync if our domains are not the same?

Question

if we already have an azure presence, can we still use Entra Connect to sync if our domains are not the same?

Curt Eberfeld 0

I'm walking into a situation where my predecessor setup a kageinnovation.com domain in Azure for our O365 functions but our on-prem domain name is different. the Azure AD sync install recognizes this but can continue. Will I do damage to the Azure presence accounts if i go through with the first sync? Thank you..

JamesTran-MSFT 36,841 Reputation points Microsoft Employee

2024-02-13T21:03:56.3133333+00:00

@Curt Eberfeld
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

2 answers

Your answer

JamesTran-MSFT 36,841 Reputation points Microsoft Employee

2024-02-13T21:03:56.3133333+00:00

@Curt Eberfeld
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

Answer 1

Thameur-BOURBITA 36,226

Hi

You have to add the domain name used for entra in your Active Directory as a suffice and use it for UPN to avoid authentication issues when user trying to access on azure resources because the domain name used for on premise Active Directory (domain.local) is not routable for more information please refer to the following link: https://learn.microsoft.com/en-us/microsoft-365/enterprise/prepare-a-non-routable-domain-for-directory-synchronization?view=o365-worldwide

Please don’t forget to accept helpful answer

Answer 2

Hello Curt

It’s possible to sync users from multiple domains, even in multiple forests, to a single Azure AD tenant. The Azure AD Connect installation wizard offers several options to consolidate users who are represented in multiple forests/domains.

The goal is that a user is represented only once in Azure AD.

One common approach is configuring the AD account UPNs (User Principal Name) to match the primary emails. If you follow the official guidelines, you should be fine.

However, please note that the on-premises domain and the Azure AD Domain Services (AAD DS) are two separate domains with different user GUIDs. You sync to Azure AD, Azure AD syncs to AAD DS but they don’t share the same NTLM GUID.

Before proceeding, it’s recommended to thoroughly review the Topologies for Azure AD Connect and prepare your non-routable domain for directory synchronization.

Always ensure to have a backup and a rollback plan in case of any unforeseen issues.

Remember, this is a complex process and if you’re not confident, it might be best to seek help from a professional or someone experienced with Azure AD and domain synchronization.

I hope this answers your question?

Share via

if we already have an azure presence, can we still use Entra Connect to sync if our domains are not the same?

2 answers

Your answer