UPN for Multiple on-premises AD Domains sync to a single Azure AD Domain

K Wahlstrom 1 Reputation point
2021-01-25T18:08:29.153+00:00

Have a project that has 3 affiliates, each with on-prem AD (single domain forest), moving to Office 365, and they would like everyone to have a common Office 365 logon domain.

Have seen discussion of doing this by adding commonemail.org (primary domain on the AD tenant) as a UPN suffix in all three domains, then changing all user accounts to the new UPN suffix.

Currently, there are no trusts between the three on-prem domains (e.g.: aaa.affiliateA.org, bbb.affiliateB.org, ccc.affilateC.org), so at least for now, could do without trust issues.

BUT,

As this post discusses:

https://www.reddit.com/r/Office365/comments/9b1xq8/multiple_onpremises_ad_domains_sync_to_a_single/

Is there a "better" way to do this using an alternate (on-prem) attribute as the Azure AD username (user@commonemail.org)? None of the 3 on-prem domains have on-prem Exchange, so I don't believe the AD schemas have mailNickname (which I have seen mentioned a few times).

If so:

What attribute is recommended?

What is the best way to update/configure the on-prem attribute (AD PowerShell?)

Other than the dropdown in the Azure AD Connect "sign-in" configuration, are there other things that would need to be set in on-prem AD or Azure (specific to syncing on this "alternate attribute")?
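The UPN-suffix approach the question describes, as an added example that is not part of the original post: it registers the shared suffix in each affiliate forest, checks that no two users across the three forests would collapse to the same user@commonemail.org (duplicate UPNs are what break a multi-forest sync into one tenant), and only then rewrites user UPNs. The forest names and suffix come from the question; it assumes the account running it holds forest-level rights in each forest and can reach a DC in each, and it honours -WhatIf so the change can be previewed first.

```powershell
# Added example (not from the original post). Forest names and the suffix are
# taken from the question; run with -WhatIf to preview before committing.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string[]]$Forests = @('aaa.affiliateA.org', 'bbb.affiliateB.org', 'ccc.affilateC.org'),
    [string]$NewSuffix = 'commonemail.org'
)
Import-Module ActiveDirectory

# 1. Register the shared UPN suffix in each forest (skipped where already present).
foreach ($f in $Forests) {
    $forest = Get-ADForest -Server $f
    if ($forest.UPNSuffixes -notcontains $NewSuffix) {
        if ($PSCmdlet.ShouldProcess($f, "Add UPN suffix $NewSuffix")) {
            Set-ADForest -Identity $forest -UPNSuffixes @{Add = $NewSuffix} -Server $f
        }
    }
}

# 2. Collect every enabled user from all forests and find prefix collisions.
#    Two users sharing a left-hand part would map to the same Azure AD
#    username, so the script refuses to continue until they are resolved.
$users = foreach ($f in $Forests) {
    Get-ADUser -Server $f -Filter 'Enabled -eq $true' |
        Select-Object @{n = 'Forest'; e = { $f }}, SamAccountName, DistinguishedName,
            @{n = 'Prefix'; e = {
                # Fall back to sAMAccountName when an account has no UPN at all.
                if ($_.UserPrincipalName) { ($_.UserPrincipalName -split '@')[0] }
                else { $_.SamAccountName }
            }}
}
$collisions = $users | Group-Object Prefix | Where-Object Count -gt 1
if ($collisions) {
    foreach ($c in $collisions) {
        Write-Warning "Duplicate prefix '$($c.Name)' in: $($c.Group.Forest -join ', ')"
    }
    throw "Resolve $($collisions.Count) UPN collision(s) before rewriting UPNs."
}

# 3. Rewrite each user's UPN onto the shared suffix (no-op under -WhatIf).
foreach ($u in $users) {
    $newUpn = "$($u.Prefix)@$NewSuffix"
    if ($PSCmdlet.ShouldProcess("$($u.Forest)\$($u.SamAccountName)", "Set UPN to $newUpn")) {
        Set-ADUser -Identity $u.DistinguishedName -Server $u.Forest -UserPrincipalName $newUpn
    }
}
```

Step 2 is the part worth keeping even if the UPNs are changed by other means: a collision report before the first sync is cheaper than untangling duplicate-attribute errors in Azure AD Connect afterwards.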

Microsoft Entra ID

1 answer

  1. K Wahlstrom 1 Reputation point
    2021-01-28T01:07:32.117+00:00

    Questions in pics:
    61134-adchanges4aadconnect.png
    61115-aadconnectuniqusersmultiforest.png