Azure Active DirectoryAzure AD Fundamentals

How to configure Azure AD Connect for non-routable domains

Azure AD Connect is a crucial tool for synchronizing on-premises directories with Azure Active Directory (Azure AD). When dealing with non-routable domain names, such as those used in private network environments, additional configuration steps are necessary to ensure successful synchronization. This guide outlines the process of configuring Azure AD Connect to support non-routable domain names.

 Prerequisites:   

  • Access to the Azure AD Connect server with appropriate permissions.

  • Understanding of Azure AD Connect concepts and functionalities.

  • Knowledge of the non-routable domain names used in the environment.

 Step 1: Identify non-routable domain names   

  1. Determine which domain names in your on-premises Active Directory are non-routable, typically those using reserved top-level domains such as “.local” or “.internal”.

 Step 2: Configure alternate UPN suffixes   

  1. Open Active Directory Domains and Trusts on the Azure AD Connect server.

  2. Right-click on the root domain and select “Properties”.

  3. Navigate to the “UPN Suffixes” tab and add alternate UPN suffixes corresponding to the non-routable domain names (e.g., contoso.local).

 Step 3: Update user principal names (UPNs)   

  1. Use PowerShell to update the User Principal Names (UPNs) of user accounts in the non-routable domain to use the alternate UPN suffixes.

  2. Powershell Code:

            Set-ADUser -Identity <Username> -UserPrincipalName <NewUPN>

 Step 4: Configure Azure AD connect   

  1. Launch the Azure AD Connect configuration wizard.

  2. Proceed through the wizard until reaching the “User Sign-in” page.

  3. Select “Alternate ID” as the User Principal Name (UPN) suffix option.

  4. Enter the alternate UPN suffixes corresponding to the non-routable domain names.

  5. Complete the wizard and allow Azure AD Connect to perform a full synchronization cycle.

 Step 5: Verify synchronization   

  1. Monitor the synchronization status in the Azure AD Connect synchronization service manager.

  2. Verify that users from the non-routable domain are synchronized to Azure AD with their updated UPNs.

  3. Perform additional testing to ensure that users can authenticate and access resources using the new UPNs.

 Step 6: Update applications and services 

  1. Update applications and services that rely on user authentication to use the new UPNs.

  2. Test the functionality of these applications and services to ensure compatibility with the changes.

 By following these steps, organizations can successfully configure Azure AD Connect to support non-routable domain names, allowing for seamless synchronization of user accounts from private network environments to Azure AD. This ensures that users can authenticate and access resources in Azure AD using their updated User Principal Names (UPNs), facilitating a unified identity and access management experience across the organization.

 

 

Related posts
Azure Active DirectoryAzure AD Best practices

Azure Backup - An overview

Azure Active DirectoryAzure AD Best practices

How to configure machine backups with Azure

Azure Active DirectoryAzure AD Best practices

How to monitor and backup Azure resources

Azure Active DirectoryAzure AD Management

How to implement app registration in Microsoft Entra ID

×

There are over 8,500 people who are getting towards perfection in Active Directory, IT Management & Cyber security through our insights from Identitude.

Wanna be a part of our bimonthly curation of IAM knowledge?

  • -Select-
  • By clicking 'Become an insider', you agree to processing of personal data according to the Privacy Policy.