Hi @Filippo Martinelli • Thank you for reaching out.
There are two ways to achieve this. I would recommend the first option:
1. Add an additional UPN suffix, i.e., publicDomain.com, in your local AD and then flip the publicDomain.local UPN suffix to publicDomain.com for all users. You can use the PowerShell script below for this purpose:
# '*@' is required: -like matches the whole value, so 'publicDomain.local' alone matches no UPN
$LocalUsers = Get-ADUser -Filter "UserPrincipalName -like '*@publicDomain.local'" -Properties userPrincipalName -ResultSetSize $null
# Replace only the suffix and write the new UPN back for each user
$LocalUsers | ForEach-Object { $newUpn = $_.UserPrincipalName.Replace("@publicDomain.local", "@publicDomain.com"); $_ | Set-ADUser -UserPrincipalName $newUpn }
2. If you already have the publicDomain.com suffix in the mail attribute of all on-premises users, you may consider synchronizing the mail attribute from local AD as the UPN to Azure AD. With the default configuration, the on-premises UPN is synced as the UPN in Azure AD, and the sync rule "In from AD - User Common" is used by default for this purpose. Below is the default syntax of the sync rule for syncing the UPN:
IIF(IsPresent([userPrincipalName]),[userPrincipalName], IIF(IsPresent([sAMAccountName]),([sAMAccountName]&"@"&%Domain.FQDN%),Error("AccountName is not present")))
However, you can clone the default rule and update the rule syntax for UPN as mentioned below:
IIF(IsPresent([mail]),[mail], IIF(IsPresent([sAMAccountName]),([sAMAccountName]&"@"&%Domain.FQDN%),Error("AccountName is not present")))
This means: if the mail field is present, use the mail field. If it's not present, check whether SamAccountName is present. If it is, use SamAccountName with the domain field. If SamAccountName is not present either, throw an error.
Note: The new rule has to be created with a unique precedence number, and the order of the rules is important, which is why support recommended that you reinstall and select the Mail attribute to be synced as the UPN. If you decide to go with this option, make sure this change is tested before implementing it in a production environment.
I think you misinterpreted the related post, as the DNS entry is required to verify the custom domain in the Azure tenant and not to map users between local AD and Azure AD.
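The first option, carried through as a previewable script (an added example, not the answer's own code): it registers the new suffix on the forest, previews each flip with -WhatIf, and flags users whose mail attribute would not match the new UPN. It assumes the ActiveDirectory module and treats publicDomain.local and publicDomain.com as placeholders for the real suffixes.

```powershell
# Added example; publicDomain.local / publicDomain.com are placeholders for the real suffixes.
Import-Module ActiveDirectory

$OldSuffix = 'publicDomain.local'
$NewSuffix = 'publicDomain.com'

# Step 1: register the public suffix on the forest (the "additional UPN suffix" from option 1).
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $NewSuffix }
}

# Step 2: collect users still on the old suffix. '*@' is required because -like matches the whole value.
$users = Get-ADUser -Filter "UserPrincipalName -like '*@$OldSuffix'" `
                    -Properties UserPrincipalName, mail -ResultSetSize $null

# Step 3: build the change plan and flag users whose mail attribute would differ from the new UPN,
# since a UPN/mail mismatch is worth checking before the suffix is flipped and synced.
$plan = foreach ($u in $users) {
    $newUpn = $u.UserPrincipalName -replace "@$([regex]::Escape($OldSuffix))$", "@$NewSuffix"
    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        OldUpn         = $u.UserPrincipalName
        NewUpn         = $newUpn
        MailMatches    = ($u.mail -eq $newUpn)
    }
}
"Users whose mail attribute does not match the new UPN:"
$plan | Where-Object { -not $_.MailMatches } | Format-Table -AutoSize

# Step 4: preview the flip for every user. Remove -WhatIf only after the preview looks right.
foreach ($p in $plan) {
    Set-ADUser -Identity $p.SamAccountName -UserPrincipalName $p.NewUpn -WhatIf
}
```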