Connecting Azure AD with on-premises Active Directory using Azure AD Connect, possibility of user duplication

Mohammed Rayyan 1 Reputation point
2021-05-25T11:34:52.873+00:00

If the current tenant containing Office 365 users is synchronized with on-premises Active Directory, is there a possibility of duplication of on-premises users with Office 365 users in Azure AD?

Case scenario: if there is already a user xyz@jaswant.com in the Azure AD directory, and it is synchronized, it takes the on-prem Active Directory user, i.e. xyz@jaswant.local, and registers it as xyz@jaswant.onmicrosoft.com. Will there be a duplication of users, as there will be two users after sync, xyz@jaswant.com and xyz@jaswant.onmicrosoft.com?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer
Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
2021-05-25T11:55:01.153+00:00

It will do a soft match:

When you install Azure AD Connect and you start synchronizing, the Azure AD sync service (in Azure AD) does a check on every new object and tries to find an existing object to match. There are three attributes used for this process: userPrincipalName, proxyAddresses, and sourceAnchor/immutableID. A match on userPrincipalName and proxyAddresses is known as a soft match. A match on sourceAnchor is known as a hard match. For the proxyAddresses attribute only the value with SMTP:, that is the primary email address, is used for the evaluation.

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-existing-tenant#sync-with-existing-users-in-azure-ad

P.S. You can't use a .local for the on-prem UPNs. They have to be a valid domain suffix registered in Azure.
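An added example, not from the answer and not Microsoft's code: a small Python model of the matching order the answer describes (hard match on sourceAnchor/immutableID first, then soft match on userPrincipalName or the primary SMTP: proxy address), run over constructed users for the question's scenario. The class and function names (CloudUser, OnPremUser, match, scenario) and the sample anchors are my own.

```python
# Constructed model of Azure AD Connect's matching order (not Microsoft's code):
# hard match on sourceAnchor/immutableId, else soft match on UPN or primary SMTP.
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class CloudUser:
    userPrincipalName: str
    immutableId: Optional[str] = None
    proxyAddresses: List[str] = field(default_factory=list)

@dataclass
class OnPremUser:
    userPrincipalName: str
    sourceAnchor: str
    proxyAddresses: List[str] = field(default_factory=list)

def primary_smtp(addresses: List[str]) -> Optional[str]:
    # Only the primary address (uppercase "SMTP:") counts; "smtp:" aliases are ignored.
    for addr in addresses:
        if addr.startswith("SMTP:"):
            return addr[5:].lower()
    return None

def match(onprem: OnPremUser, tenant: List[CloudUser]):
    """Return ("hard" | "soft" | "new", matched cloud user or None)."""
    for cloud in tenant:  # a hard match takes precedence over any soft match
        if cloud.immutableId and cloud.immutableId == onprem.sourceAnchor:
            return "hard", cloud
    for cloud in tenant:
        if cloud.userPrincipalName.lower() == onprem.userPrincipalName.lower():
            return "soft", cloud
        smtp = primary_smtp(onprem.proxyAddresses)
        if smtp and smtp == primary_smtp(cloud.proxyAddresses):
            return "soft", cloud
    return "new", None  # nothing matched: a second object would be created

def scenario():
    """The question's case with constructed data; returns one outcome per on-prem user."""
    tenant = [CloudUser("xyz@jaswant.com", proxyAddresses=["SMTP:xyz@jaswant.com"])]
    onprem = [
        # routable UPN identical to the cloud user: soft match on userPrincipalName
        OnPremUser("xyz@jaswant.com", "anchor-1"),
        # .local UPN, but the primary SMTP address matches: soft match on proxyAddresses
        OnPremUser("xyz@jaswant.local", "anchor-2", ["SMTP:xyz@jaswant.com"]),
        # .local UPN and only a secondary alias: no match, a duplicate would be created
        OnPremUser("xyz@jaswant.local", "anchor-3", ["smtp:xyz@jaswant.com"]),
    ]
    return [match(u, tenant)[0] for u in onprem]
```

The third case is the duplication the question worries about: with neither a matching UPN nor a matching primary SMTP: address, the sync service has nothing to soft match on and creates a new object.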
