Log in to the portal as a global administrator and navigate to Settings, then Domains. Make a list of all the custom domains you are using, not including the default onmicrosoft.com domain. These will be added as UPN suffixes in Active Directory so that users can have the same username in the local AD as in Office 365.
Log into a domain controller and open Active Directory Domains and Trusts. Right-click on the root and click on Properties. This will allow you to add the UPN suffixes. Add all of the custom domains you have listed in the domains section in Office 365 except for the onmicrosoft.com domain.
Here we add office365lab.co.uk and press OK.
Check each user account has one of your custom domains included in the user name and not the onmicrosoft.com domain.
If any user accounts have a username that is not on a custom domain, go into the account, update the username, and save the changes. It's okay to have a cloud admin account which is cloud only and has the onmicrosoft.com domain. If you want to sync everything else into your Active Directory, make sure all the accounts have a logon domain that matches one of your custom domains.
Now it's time to go down your list of user accounts in the portal and recreate them in your local Active Directory. Pay special attention to the users' names, primary email addresses, and aliases.
Enter the details exactly as you see them in the Office 365 portal and ensure you set the user logon name suffix to match the Office 365 logon name in the portal.
Set a password and press Next. It's not too important what the password is here because it will need resetting after the initial sync before the user can log on.
Now, ensure the primary address of the user in the portal is entered on the general tab in the e-mail field.
Next, go to the Attribute Editor and find the proxyAddresses attribute. This is where you enter all of the email addresses assigned to the account, so add any email aliases which are listed on the account in the portal.
The primary email address must be prefixed with SMTP: in capitals, and all other aliases should be added with a lowercase smtp: prefix. This is important, so pay attention when adding all of the addresses.
The primary address (aka the send as address) has SMTP: prefixed on it and all others have a lowercase smtp:
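The checks from the steps above (UPN suffix on a custom domain, exactly one uppercase SMTP: entry that matches the e-mail field, lowercase smtp: on aliases) can be run over every account before the first sync. This is an added example, not part of the original guide; the function name Test-SyncReadiness and the sample accounts are hypothetical, and the commented Get-ADUser call assumes the ActiveDirectory RSAT module is installed.

```powershell
# Added example: pre-sync check of the attributes this guide sets by hand.
function Test-SyncReadiness {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        [Parameter(Mandatory)] [string[]] $CustomDomains
    )
    foreach ($u in $Users) {
        $issues = @()
        # The UPN suffix must be one of the custom domains, not onmicrosoft.com
        $suffix = ($u.UserPrincipalName -split '@')[-1]
        if ($CustomDomains -notcontains $suffix) {
            $issues += "UPN suffix '$suffix' is not a custom domain"
        }
        $proxies = @($u.proxyAddresses | Where-Object { $_ })
        # -cmatch is case-sensitive: 'SMTP:' marks the primary, 'smtp:' an alias
        $primary = @($proxies | Where-Object { $_ -cmatch '^SMTP:' })
        if ($primary.Count -ne 1) {
            $issues += "expected exactly one 'SMTP:' entry, found $($primary.Count)"
        } elseif ($primary[0].Substring(5) -ne $u.mail) {
            $issues += "primary $($primary[0]) does not match mail '$($u.mail)'"
        }
        # Flag SMTP-type entries with a mixed-case prefix; other types (e.g. X500:) are ignored
        foreach ($p in $proxies) {
            if ($p -match '^smtp:' -and $p -cnotmatch '^(SMTP|smtp):') {
                $issues += "mixed-case prefix: $p"
            }
        }
        if ($issues.Count -gt 0) {
            [pscustomobject]@{ User = $u.UserPrincipalName; Issues = $issues -join '; ' }
        }
    }
}

# Constructed sample accounts (not real data); the domain is the one used in this guide.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@office365lab.co.uk'; mail = 'alice@office365lab.co.uk'
        proxyAddresses = @('SMTP:alice@office365lab.co.uk', 'smtp:a.smith@office365lab.co.uk') },
    [pscustomobject]@{ UserPrincipalName = 'bob@example.onmicrosoft.com'; mail = 'bob@office365lab.co.uk'
        proxyAddresses = @('SMTP:bob@office365lab.co.uk') },
    [pscustomobject]@{ UserPrincipalName = 'carol@office365lab.co.uk'; mail = 'carol@office365lab.co.uk'
        proxyAddresses = @('smtp:carol@office365lab.co.uk', 'Smtp:c.jones@office365lab.co.uk') }
)
Test-SyncReadiness -Users $sample -CustomDomains @('office365lab.co.uk') | Format-List

# Against the real directory (assumes the ActiveDirectory RSAT module is installed):
# Test-SyncReadiness -Users (Get-ADUser -Filter * -Properties mail, proxyAddresses) `
#     -CustomDomains @('office365lab.co.uk')
```

On the sample data, alice passes silently, bob is reported for the onmicrosoft.com UPN suffix, and carol is reported for having no SMTP: primary and a mixed-case prefix.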
Download the latest version of the AAD Connect tool onto one of your domain controllers or a member server which will host the sync software.
https://www.microsoft.com/en-us/download/details.aspx?id=47594
Run the installer, agree to the terms, and select Continue.
We are going to go for an express setup here but if you want to explore the advanced options go for it. Select Express if you want it to work using this guide.
Enter the login credentials of a global administrator in the Office 365 tenant. Just remember that if you update the password for this account you will need to rerun the AAD Connect configuration wizard to update the password.
Enter the domain administrator account. The same applies as above: if you update the password, rerun the wizard.
The wizard will verify that your custom domains have been added as UPN suffixes. If you followed part 1 of this guide you're good to go.
Press Install and let the configuration complete, which will take a few minutes.
Once AAD Connect has been installed it will kick off a sync. Leave the system for about 20 minutes to allow this initial sync to complete in the background.
You can test whether the sync is working correctly by adding a new email alias to one of your Active Directory user accounts and checking whether the change syncs into the Office 365 portal. We can see all of the additional aliases we added earlier in this guide have synced into the 365 portal!
Every change you make from now on will sync with Office 365 every 30 minutes by default. You won't see the changes right away so be patient, or open PowerShell on the domain controller and type the following command to force a sync.
Start-ADSyncSyncCycle -PolicyType delta