Syncing Local AD to Azure AD w/ Mis-Matched Domains

Image property of nolabparty.com

Recently, I was tasked with setting up our 35 Azure AD Sync from our local on premise server. I used IDFix and scanned and fixed any errors and then just set up the AD Sync Tool on a standalone server solely dedicated to that job(Small VM 1 gig ram, 1 proc, etc etc). However I ran into an issue with the domain validation. We are currently set up on a .biz locally while I was trying to sync the user domain to a .net in Azure AD. After a few hours of agonizing support calls through Ingram Micro I finally reached out to the #spiceworks and #republicofit IRC channels on Freenode. The fix was almost laughably easy to implement and do.

1: Add a Suffix UPN to your local AD(https://www.petri.com/add-upn-suffixes-in-active-directory). In my case I added domain.com as the Suffic UPN.
3: Ensure your domain has been verified and assigned int he setup portion of the 365 portal(http://office365support.ca/adding-and-verifying-a-domain-for-the-new-office-365/).
2: Change all of the UPN(s) for your users to the new suffix(https://blogs.technet.microsoft.com/canitpro/2015/07/07/step-by-step-changing-the-upn-suffix-for-an-entire-domain-via-powershell/). Unless they are actually signing in as username@xxx.domain.biz, then they will not see any difference at all as they still use domain\username.
3: Resync your AD by opening powershell on your VM that you have AD Sync installed and running a Delta
Import-Module "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1"
Start-ADSyncSyncCycle -PolicyType Delta
 4: Check your Azure AD and you should start to see all of your users change the username from username@domain.biz to username@domain.net or whatever you set.

Now I did have some cases where we had already created local users in Azure AD and these had to be deleted. In that case AD sync was balking at the UPN already being in use. After you delete them, select all of the usernames that didn't change domains and hit edit domain and assign it the correct one. This will only work with two or more users selected. If you try it with one you will see the option to edit domain grayed out.

Thanks Robyn, Cipher-0, spartanmouse, Nick-C, and TLucier for the pointers in the right direction.

Comments

Post a Comment

Popular posts from this blog

Automating white noise with Home Assistant

Image
                                                          So I have a 12 hour white noise clip I pulled from somewhere some long time ago that I have loaded into my Plex media server. I usually open Plex on my phone and cast it to my Bedtime google group every night but that gets tedious and tiresome after a while. Why not automate it to auto load at 8PM every night?  If you already have Home Assistant already configured and setup then cool! If not refer to here: Installation Guide . I installed on a Pi 3B+ with 32 gig SD card. First off, upload the mp3 file to your google drive and make it shareable to all. Follow the steps to get a  an API key and generate a direct google drive link. You will need this if you audio file is large than 100MB as google natively pops up with a display that says too large to scan and thus you cant stream...
Read more

Uninstalling Old Office and Lync in one swoop

Image
Currently, we are in the process of migrating all users to Office 365 ProPlus. However, manually uninstalling lync and office can be a pain. An easier way to do this is to: Create a folder and make two separate xml files named lync.xml and proplus.xml. Put this folder in a publicly accessible share somewhere. In the lync.xml put in the following: <Configuration Product="LYNCENTRY"> <Display Level="None" AcceptEULA="TRUE" /> <Setting Id="SETUP_REBOOT" Value="NEVER" /> </Configuration> In the proplus.xml put in <Configuration Product="ProPlus"> <Display Level="none" CompletionNotice="no" SuppressModal="yes" AcceptEula="yes" /> <Setting Id="SETUP_REBOOT" Value="NEVER" /> </Configuration> Next, create a batch file named nuke.bat or whatever fancy thing you want to name it. Paste in the following: ...
Read more

Old Bike Pics from the first wreck.

Image
It was a hot morning in August 2015. I opted to not wear my jacket or gloves but I did wear my helmet, boots, and jeans. As I was exiting Interstate 20 by the West Loop 250 entrance, the truck in front of me had no tail lights working and had slammed on his brakes to avoid hitting someone who ran the yield sign on the service road. Going from 75 down to a dead stop on a bike isn't too hard, but throw in a slick patch on the road, and a semi who blew past me as I exited onto the off ramp at the same time and my bike immediately started to slide. I aimed for the caliche and the next thing I knew I was on my back looking up. Out of the peripherals to the left I saw my bike bouncing end over end and I barely had enough time to scream "F**K!" as the tail end slammed onto my helmet and the bike stood on it's end on my head. A pair of safety glasses were the only thing that saved my skull from getting brained by whatever piece of metal to which I can only assume was the pas...
Read more