25,129 questions
Syncing On-Premises AD User Accounts with Azure AD Connect
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 92%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELD%3C/text%3E%3C/svg%3E)
Lt. Douglas C. Duke
0
Reputation points
There is a need to align on-premises Active Directory (AD) user accounts with Azure AD through Azure AD Connect. The current setup involves syncing a specific Organizational Unit (OU), but the issue arises due to differing domain names. The on-premises domain is example.gov, while the Office 365 domain is example.com, which is a registered public domain.
User accounts on the domain controller are formatted as lastName_Initial (e.g., ******@example.gov), whereas the corresponding email addresses are structured as FirstName_LastName@example.com.
When syncing with Azure AD Connect, the user information populated shows the on-premises domain (example.gov). In previous versions of Azure AD Sync, adjusting the userProxyAddress to include SMTP:user@example.com allowed the sync to recognize this as the user's email. However, the current configuration results in Azure Connect creating new users with usernames in the format ******@example.onmicrosoft.com when the proxy address is not added.
Adding the proxy address does not seem to resolve this issue as it did previously. The goal is to ensure that the AD user accounts mirror the Office 365 accounts without the need for manual changes in Entra ID for each user. What steps can be taken in the sync process to achieve this?
Microsoft Security | Microsoft Entra | Microsoft Entra ID
{count} votes
-
JimmySalian-2011 42,496 Reputation points2025-04-02T15:24:03.3733333+00:00 Hi Douglas,
In this scenario you can try using the Custom Attribute mapping, please test this with few test users in the OU and check out the results.
More detailed steps over here - https://learn.microsoft.com/en-us/entra/identity/hybrid/cloud-sync/how-to-attribute-mapping
https://learn.microsoft.com/en-us/entra/identity/hybrid/cloud-sync/concept-attributes
Hope this helps in resolving your issue.
Please don't forget to upvote and Accept as answer if the reply is helpful
If this answer helped you please mark it as "Verified" so other users can reference it.
-
Lt. Douglas C. Duke 0 Reputation points
2025-04-02T16:52:55.29+00:00 Does this also work with Connect Sync? I am not using Cloud Sync and don't have a license for it. When I go to Hybrid Management, the opeions described in the instructions are not present.
-
JimmySalian-2011 42,496 Reputation points
2025-04-02T21:13:49.22+00:00 Oh okay sorry try this for Entra Connect - https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-install-existing-tenant?source=recommendations
-
Lt. Douglas C. Duke 0 Reputation points
2025-04-04T18:31:28.7666667+00:00 I am still having an issue getting the on prem accounts to match up with Entra ID accounts. In the On-Prem attributes there is an ObjectGUID that is a hexadecimal. In Entra there is an Object ID that is not in Hexadecimal form. I am not sure if those are the things that need to be matches in order for the sync to merge the two. I also tried to use the Microsoft Graph powershell command to not allow hard matches and only allow allow soft matches, but I am getting errors using the MgGraph commands, so not sure how those are supposed to work. Is there anywhere I can go where I can see what attributes from On-Prem are matching to what attributes from Entra ID. I remember this being so much easier in the last version of ADSync I used.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 77%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Rukmini 3,841 Reputation points Microsoft External Staff Moderator2025-04-07T11:21:27.2366667+00:00 Lt. Douglas C. Duke, Can you also provide the MgGraph commands you are using?
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 5%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
SrideviM 5,710 Reputation points Microsoft External Staff Moderator2025-04-08T09:48:52.32+00:00 Hello Lt. Douglas C. Duke,
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, please respond with more details by providing the MgGraph commands you are using, and we will try to help.
Sign in to comment
Sign in to answer