AADconnect / Office 365

Merging local AD users with Cloud users

Mark GerlowLeave a comment

 

Office 365 is no ”new kid on the block” anymore, and most companies are running with AADConnect, with or without ADFS. But I still see smaller customers, who have a local AD and an Exchange Online tenant, without any connection. It rarely takes a lot of time to convince them, that managing 2 user accounts, is a lot more work, and usually they are REALLY tired of changing the online password, because users forget! Or perhaps, even worse…. They set the passwords to never expire 2018-02-06_15h55_49

So, is there an easy way to “merge” the two? Yes, but you need to plan it well, and have all the settings of your users correct.

I’ll describe it in the following steps.

I already installed AADConnect, and made sure to use OU filtering, meaning, that I only synchronize certain OU’s to Office 365. In my case, the “Users” OU is synced. The OU “Not synced”, is were my users that I want to sync are located.

AD_OU

In my Office 365 tenant, I have my 3 cloud users (I’m aware that one of them is missing a license, but that doesn’t really matter 😊)cloud users

  1. So, first step is to makes sure that the local users have the correct settings Make sure, that their correct email address is in the “E-mail” fieldAD_user
  2. Next, choose the “Account” tab, and make sure that the users UPN matches your public mail domain added in Office 365correct UPN
  3. If you have a “local” domain (in the old days, it was fairly normal that the AD domain was .local .lan or something not internet routable.) You need to add your SMTP domain as an UPN suffix. Open “Active Directory Domains and Trusts”, takes properties and add the domain.

add upn to adadd upn to ad1

Make sure you make that change to all your users. 😮

  1. Now were ready to start merging users. You might want to test with a made-up user first, but otherwise its just start moving users to the synced OU and run AAD Sync.
    • To force a synchronization you need Powershell, otherwise you have to wait up to 30 min (default sync time)
    • Logon on to your Office 365 tenant with Global Admin rights. Then run the following command
    • Start-ADSyncSyncCycle -PolicyType Delta

 

Wow and behold. Users who, before the change had 2 passwords and 2 user accounts to maintain, can now benefit from all the features of AADConnect 😊

cloud synced users

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.