Azure AD Services to On premise AD users

Question

Hi Support,

I have a Query, I would like to know if my on Premise AD users after Syncing (Through Azure AD connect) On Azure AD, Will I be able to have Single Sign-On to SharePoint services on Azure AD and also Users that are syncing from my on Premise AD, Can I enable Active Directory Premium Features to use Azure AD as an IDP for Federated access to some other environment.

Earlier, for one of my customer, I have bought the Azure AD premium Feature for the Users who were on Azure AD (no On premise Directory Sync here) using the share-Point and office 365. I was able to set the Azure AD as an IDP and using the Saml Authentication was able to give the Federated access to other environment for Azure AD users.

 Now I want to do the same thing for one of my Customer, but in this scenario I dont have the Azure AD users Manually Created or existing in Azure AD, I want to use On-Premise AD (Through AD connect want to sync the users on to Azure AD), use the sharepoint and at the same time I would like to buy the Azure AD premium Licenses for the users coming from on Premise-AD

Please help me to know if this is Possible so that I can propose the plan, its very  urgent.

Thanks,

Owais Mohammed

Answer 1

yes, you can do this after you have configured ADFS in azure ad connect. follwo this link for steps on how to configure:

https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-get-started-custom/#configuring-federation-with-ad-fs

Answer 2

Hi Support, I was able to Setup the Azure AD Connect and have my On premise Directory Sync on Azure AD, also I was able to set the Azure AD premium Licenses for the users once synced.


I have also tested by purchasing the Licenses for Office 365 and sharepoint, I could authenticate using the on premise AD Credentials.

But the only issue I saw was while configuring the Outlook, it can login with my on premise Domain credentials but on the top it was showing the different suffix, for ex: my on premise domain name is http://contoso.com , I could login to office using user01@contoso.com, but it is visible as user01@.....onmicrosoft.com and when I send the emails to someone it is showing same  user01@.....onmicrosoft.com not the On premise user01@contoso.com. Please let me know if am doing something wrong, I also verified the domain.

Thanks,

Owais

Answer 3

Thanks for your Help Alvaro and Sadiqh !!

Answer 4

Solved, I did not set my  domain as Primary. Successfully authenticated the synced users to other environment using the Saml.

Thanks,

Owais

Answer 5

Hi Alvero and Sadiqh,

I need help to know  up to how many domains we can sync using the AD connect on Azure AD,  if we have multiple tenants can we configure multiple domains on single Azure AD account.

Thanks,

Owais