Adding prem user to AAD Connect for existing EOL users.

Andy Mack 1 Reputation point

Hello, I'm trying to add prem users to sync using AAD Connect for existing cloud O365 Exchange users/mailboxes. Is this process safe? I'm entering the email address to the premise AD user, and it finds the correct user to sync with on AAD just fine... just want to make sure this is not bad practice? We want to use one-way (inside to outside) password hash, to function as one-way SSO. This seems to be working just great... do I need to be careful about overwriting the cloud account at all, and losing mailbox data/emails?


Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,214 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Siva-kumar-selvaraj 15,586 Reputation points

    Hello @Andy Mack ,

    Thanks for reaching out and apologize for the delayed response.

    Based on your query, I understand that you are attempting to utilize SMTP matching to match on-premises user accounts to Office 365 user accounts (with M365 mailboxes linked), as detailed here. Please let me know if I've misunderstood.

    As far as I am aware, this configuration is safe, but make sure you have good data on-premises since all attributes in Azure AD are going to be overwritten. For example, if you only have managed email address in Microsoft 365 and not kept it updated in on-premises AD DS, then you lose any values in Azure AD/Microsoft 365 not present in AD DS.

    Additionally, I would encourage you to utilize our dedicated Office 365 community forum to get a second perspective on this case from office 365 specialists on Mailbox perspective. Hope this helps.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments