Azure Connect on premises

Strini Naidoo 0 Reputation points
2024-05-11T14:08:29.76+00:00

Hi, please can someone assist,

We have installed Azure Connect on our on-premises server and the accounts have been duplicated. The admin portal was created with the same setup as the server, username@domainname.co.za, for some time now, and we recently decided to install Azure Connect; however, Azure Connect has created the same username@onmicrosoft.com. How can I get the AD server to sync and merge with the existing usernames? The username exported to Azure with the onmicrosoft.com has no license, and if I try to set the UPN to the correct username@domainname.co.za, it pops up an error, which I think is normal as the UPN already exists on the user with the correct username@domainname that was created before the Azure Connect setup.

So, e.g., name@abctraders.com existed on the admin portal; after installing Azure Connect, the following appeared:

name@abctraders.onmicrosoft.com.

Please can someone assist.

Microsoft Entra

2 answers

  1. akinbade abiola 1,655 Reputation points
    2024-05-12T13:27:22.8933333+00:00

    Hello Strini,

    Thanks for your question

    I would recommend the following:

    Please let me know if you have further questions.

    You can mark it 'Accept Answer' if this helped.


  2. Akhilesh 5,485 Reputation points Microsoft Vendor
    2024-05-21T11:37:49.71+00:00

    Hi @Strini Naidoo

    Thank you for your post!

    I understand that when you install Azure AD Connect, it creates a new user account with the domain name @onmicrosoft.com. This account is used to synchronize the on-premises Active Directory with Azure AD. If there is already an existing user account with the same name, you can resolve the duplication issue and merge the on-premises AD accounts with the existing Azure AD accounts by using the options below:

    Soft Match: This method uses the userPrincipalName and proxyAddresses attributes to match existing users.

    Hard Match: This method involves using the sourceAnchor/immutableID attribute. You can set the immutableID for the Azure AD user to the Base64-encoded string of the ObjectGUID of the user in your on-premises AD.

    For further reading: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/hybrid-identity-getting-users-aligned/ba-p/2274690
    https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-install-existing-tenant#sync-with-existing-users-in-microsoft-entra-id

    Hope this helps. Do let us know if you have any further queries.

    Thanks,
    Akhilesh.


    If this answers your query, do click Accept Answer and Yes for "Was this answer helpful". And if you have any further query, do let us know.
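
The hard-match and soft-match options in the answer above, as an added Python example that is not part of the thread or of Microsoft's tooling: it converts an on-premises ObjectGUID to the Base64 ImmutableID form (using the GUID's native byte order, where the first three fields are little-endian) and predicts how each on-premises user would line up with existing cloud users. The user records, GUIDs and the `classify` helper are constructed for illustration, and the matching rules are a simplified model (UPN or primary SMTP address; a cloud user that already carries a different ImmutableID is treated as a conflict).

```python
import base64
import uuid

def guid_to_immutable_id(object_guid: str) -> str:
    # AD/.NET serialise a GUID with its first three fields little-endian (bytes_le).
    # Encoding the hex digits in printed order gives a string that never matches.
    return base64.b64encode(uuid.UUID(object_guid).bytes_le).decode("ascii")

def immutable_id_to_guid(immutable_id: str) -> str:
    raw = base64.b64decode(immutable_id, validate=True)
    if len(raw) != 16:
        raise ValueError("ImmutableID must decode to exactly 16 bytes")
    return str(uuid.UUID(bytes_le=raw))

def primary_smtp(proxy_addresses):
    # The primary address carries the upper-case "SMTP:" prefix.
    for addr in proxy_addresses or []:
        if addr.startswith("SMTP:"):
            return addr[5:].lower()
    return None

def classify(onprem, cloud_users):
    """Predict how one on-premises user would line up with the cloud objects."""
    anchor = guid_to_immutable_id(onprem["objectGUID"])
    for c in cloud_users:
        if c.get("immutableId") == anchor:
            return "hard-match", c["upn"]
    upn = onprem["upn"].lower()
    mail = primary_smtp(onprem.get("proxyAddresses"))
    for c in cloud_users:
        same_mail = mail is not None and primary_smtp(c.get("proxyAddresses")) == mail
        if c["upn"].lower() == upn or same_mail:
            # A cloud object already anchored to another GUID cannot be soft-matched.
            return ("conflict" if c.get("immutableId") else "soft-match"), c["upn"]
    return "no-match", None

# Constructed sample data; the GUIDs and the second and third users are made up.
CLOUD = [
    {"upn": "name@abctraders.com", "immutableId": None,
     "proxyAddresses": ["SMTP:name@abctraders.com"]},
    {"upn": "anna@abctraders.com", "immutableId": "A" * 22 + "=="},
]
ONPREM = [
    {"upn": "name@abctraders.com", "objectGUID": "00112233-4455-6677-8899-aabbccddeeff"},
    {"upn": "anna@abctraders.com", "objectGUID": "11111111-2222-3333-4444-555555555555"},
    {"upn": "bob@abctraders.local", "objectGUID": "66666666-7777-8888-9999-000000000000"},
]

RESULTS = {u["upn"]: classify(u, CLOUD) for u in ONPREM}
```

A "no-match" result is the case that produces a second, duplicate cloud account on sync; a "conflict" needs the existing ImmutableID reviewed before any change is made.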