EntraID Connect Office 365 Domain not matching

I might be overthinking this, but I don't have time to screw this up. Right now this is a test environment. I can rebuild it all easily with some scripts we created, but why bother if I can just take 5 minutes to clarify.

Anyway, I'm trying to set up Microsoft Azure AD Connect with a brand new tenant and a brand new local domain. The local domain is a subdomain of our Office 365 verified domain (ad.company.com). The Office 365 verified domain is company.com. There are no users in Office 365 and only 2 test users in local AD. The real domain is routable and we own it.

Our goal is to allow end users to log in to Office 365, and eventually workstations, with their email addresses ([email protected]). We have a clean slate, so let me know if there is a better option for authentication/login, i.e., will this cause a problem if someone changes their name or email address, etc.? We are going to add their emails as [email protected] in local AD as well.

I have created an alternate UPN suffix of company.com on the local DC. I changed the two test users' UPNs to end in company.com. I am able to log in to the local domain with "[email protected]" or "[email protected]". As I said, we want to use "[email protected]" for everything on the local domain and Azure/O365.

When I try to configure Microsoft Azure AD Connect, "Next" is greyed out on the Azure AD sign-in configuration page. See the image below.

I can continue if I tick the "Continue without matching..." checkbox, but I want to make sure I understand the ramifications of ticking that box. From what I understand via the little help question marks, this is what will happen with that box checked.

If a user in local AD doesn't have the "company.com" UPN suffix, they will get created in Azure AD/O365 with a "[email protected]" UPN, and this is the only address they will be able to log in to Azure AD/O365 with. If the user does have a "company.com" UPN, they will be created in Azure AD/O365 with a "[email protected]" login that they can use to log in to everything as we want.

If this is the case, can we fix a user that gets created in Azure AD/O365 if someone forgets, or do we have to delete the user and start over with the correct UPN applied?

Sorry for the huge picture, I tried for 5 minutes to make it smaller.

Thank you in advance.
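The situation the post describes (some users carrying the non-routable ad.company.com UPN suffix, which Entra ID Connect would replace with the tenant's onmicrosoft.com suffix) is easiest to catch before the first sync. The following PowerShell is an added example written for this thread, not code from the original poster or from Microsoft: it checks that the verified domain is registered as an alternate UPN suffix on the forest, lists every enabled user whose UPN does not end in that domain, and optionally rewrites those UPNs (keeping each user's existing prefix) so they match the verified Office 365 domain. It assumes the RSAT ActiveDirectory module is installed, takes `company.com` and `ad.company.com` from the post, and uses an assumed `OU=Users` search base that you would adjust. Because Entra ID Connect synchronises later on-premises UPN changes on subsequent sync cycles, the same audit is also the way to repair a user who was already created with the onmicrosoft.com suffix: correct the UPN in local AD and let the next sync run.

```powershell
<#
Added example for this thread (not the original poster's code).
Audits on-premises AD users whose UPN suffix will not match the verified
Office 365 domain before running Entra ID Connect.

Assumptions (labelled):
  - ActiveDirectory module (RSAT) is available on this host.
  - 'company.com' is the verified tenant domain and 'ad.company.com' the
    local AD DNS name, both taken from the post.
  - The search base OU is a placeholder; adjust to your environment.
#>
param(
    [string]$VerifiedDomain = 'company.com',
    [string]$SearchBase     = 'OU=Users,DC=ad,DC=company,DC=com',  # assumed OU
    [switch]$Fix                                                    # report only unless set
)

Import-Module ActiveDirectory -ErrorAction Stop

# 1. The routable suffix must be an alternate UPN suffix on the forest,
#    otherwise Set-ADUser with that suffix is rejected by the DC.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $VerifiedDomain) {
    Write-Warning "'$VerifiedDomain' is not an alternate UPN suffix on forest '$($forest.Name)'. Add it in AD Domains and Trusts before fixing users."
}

# 2. Find enabled users whose UPN suffix does not match the verified domain.
#    These are the accounts Entra ID Connect would create as user@<tenant>.onmicrosoft.com.
$mismatched = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
                         -Properties UserPrincipalName, mail |
              Where-Object { $_.UserPrincipalName -notlike "*@$VerifiedDomain" }

if (-not $mismatched) {
    Write-Host "All enabled users under $SearchBase already use @$VerifiedDomain."
    return
}

# 3. Report (and optionally fix). The prefix of the existing UPN is kept so a
#    user keeps the same identity; only the suffix changes.
$report = foreach ($u in $mismatched) {
    $prefix = ($u.UserPrincipalName -split '@')[0]
    $newUpn = "$prefix@$VerifiedDomain"

    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        CurrentUPN     = $u.UserPrincipalName
        Mail           = $u.mail
        ProposedUPN    = $newUpn
        # Flag users whose mail attribute disagrees with the proposed UPN;
        # those need a manual look rather than a blind rewrite.
        MailMatchesUPN = ($u.mail -eq $newUpn)
    }

    if ($Fix -and $u.mail -eq $newUpn) {
        Set-ADUser -Identity $u.DistinguishedName -UserPrincipalName $newUpn
    }
}

$report | Format-Table -AutoSize
```

Run it without `-Fix` first; the `MailMatchesUPN` column tells you which accounts can be rewritten safely and which have a mail address that does not line up with the UPN prefix. With `-Fix` it only updates users where the two agree, so a mismatched account is never silently renamed.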