Configuring Azure AD Connect with a .local Domain UPN Suffix

Jgrissom15 1 Reputation point
2020-05-16T04:01:32.153+00:00

Hi, I am trying to configure Azure AD Connect so that the users on my on-premises domain can sign in and use Microsoft Teams. I am completely new to Azure AD, and have just created the brand new account for it. I am at the step where I need to add a verified domain, but I haven't verified any in Azure AD yet, and my on-premises domain is @<company>.local. We do also have on-premises Exchange and I have access to @<company>.com, but the domain in the forest isn't set up to use .com I guess? I need to get some help with exactly what steps I need to take to have users able to sign in to Teams with their work email addresses using the password hash sync of Azure AD Connect.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

2 answers

  1. Manu Philip 20,206 Reputation points MVP Volunteer Moderator
    2020-05-16T05:05:27.807+00:00

    Hi,
    Azure AD Connect only synchronizes users to domains that are verified by Office 365. If your internal AD DS only uses a non-routable domain, this can't possibly match the verified domain you have on Office 365. You can fix this issue by either changing your primary domain in your on premises AD DS, or by adding one or more UPN suffixes.

    Here is a nice article that explains how to add UPN suffixes and move forward with the directory synchronization:
    https://learn.microsoft.com/en-us/office365/enterprise/prepare-a-non-routable-domain-for-directory-synchronization#add-upn-suffixes-and-update-your-users-to-them

    Regards,
    Manu


  2. Jan Ketil Skanke 96 Reputation points MVP Volunteer Moderator
    2020-05-18T19:27:11.617+00:00

    The recommended setup is to configure your on-premises accounts so that UPN = EMAIL = SIP. You don't have to change your domain name, just add an extra UPN suffix to your users and match it with the email and SIP address. A couple of other things to consider are that you must not assign an Exchange Online license to any users if you don't have Exchange hybrid set up. That would make the users get dual mailboxes, and any mail from any O365 organization would land in the cloud mailbox that the users never would use.
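Both answers describe the same procedure: register the routable domain as an additional UPN suffix on the forest, then change each user's UPN so that it equals their primary email address before Azure AD Connect synchronizes them. The script below is an added example written for this page, not code from either answer or from Microsoft's article. It assumes the RSAT ActiveDirectory module, and it uses the placeholders `company.local` (the non-routable forest name) and `company.com` (the domain already verified in Azure AD). Users whose primary SMTP address does not belong to the verified domain are reported for manual review instead of being changed, because an unverified suffix would simply be rewritten to `onmicrosoft.com` at sync time.

```powershell
# Added example (not from the question or either answer): audit and align on-premises
# UPNs with primary SMTP addresses before running Azure AD Connect.
# Assumes: RSAT ActiveDirectory module; "company.local" and "company.com" are placeholders.
Import-Module ActiveDirectory

$nonRoutable = 'company.local'   # placeholder: the .local forest name
$routable    = 'company.com'     # placeholder: the domain verified in Azure AD

# 1. Register the routable name as an additional UPN suffix on the forest (idempotent).
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $routable) {
    Set-ADForest -Identity $forest.Name -UPNSuffixes @{Add = $routable}
}

# 2. Find enabled users still carrying the non-routable UPN suffix.
$users = Get-ADUser -Filter "Enabled -eq 'True' -and UserPrincipalName -like '*@$nonRoutable'" `
                    -Properties UserPrincipalName, mail, proxyAddresses

$report = foreach ($u in $users) {
    # Primary SMTP address is the proxyAddresses entry with an upper-case "SMTP:" prefix;
    # fall back to the mail attribute when no proxy addresses are stamped.
    $primarySmtp = ($u.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' }) -replace '^SMTP:', ''
    if (-not $primarySmtp) { $primarySmtp = $u.mail }

    # Only accept a target UPN inside the verified domain; anything else is flagged,
    # not changed, so the run never produces a UPN that Azure AD would reject.
    $ok = $primarySmtp -and ($primarySmtp -like "*@$routable")
    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        CurrentUPN     = $u.UserPrincipalName
        PrimarySmtp    = $primarySmtp
        Action         = if ($ok) { 'Update' } else { 'ReviewManually' }
    }
}

$report | Format-Table -AutoSize

# 3. Apply only the unambiguous changes. -WhatIf previews; remove it to commit.
$report | Where-Object Action -eq 'Update' | ForEach-Object {
    Set-ADUser -Identity $_.SamAccountName -UserPrincipalName $_.PrimarySmtp -WhatIf
}
```

Run it once with `-WhatIf` in place and inspect the `ReviewManually` rows (typically service accounts, or users whose mailbox lives on a third domain) before removing `-WhatIf`. Changing the UPN changes what the user types at the Windows and Office sign-in prompts, so announce it before the change; existing Kerberos tickets and cached credentials are unaffected because the sAMAccountName and SID do not change. The SIP address mentioned in the second answer only matters when an on-premises Skype for Business deployment stamps `msRTCSIP-PrimaryUserAddress`; for a cloud-only Teams tenant, aligning UPN with the primary SMTP address is the part that determines the sign-in name.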

