
Modern Workplace Discussions

Discuss best practices related to Security, Teamwork and Unified Endpoint Management (Microsoft 365).

Visitor 1

Existing in-production 365 Tenant - new domain Identity Control options

The organization has an existing 365 tenant and is actively using 365. It is now introducing a domain and wants to have directory synchronization with the current 365 accounts.

It is my understanding that Azure AD Connect (sic) is only *supported* in a Hybrid environment (understanding there are ways for it to work, but not supported). 

Is that correct? 

Since the customer's main driver is to streamline password synchronization (if we have to create users in both 365 and locally, that may be OK), will pass-through authentication work?

Seems like everything I read is about the planning beforehand, but what options are there for already existing 365 accounts (or maybe accounts that are 'new' but are either cutover or IMAP deployments, i.e. other than Hybrid)? 3rd Party? Or..?

(appreciating the pros of hybrid - there are a number of small businesses which simply do not have the ability to do so). Thanks. 



@OSGDan Why do they introduce a local domain?

Adding AAD Connect Sync with existing accounts works well, see: Azure AD Connect: When you already have Azure AD | Microsoft Docs

Pass-Through can also work. I'd recommend opening a ticket in Technical Presales & deployment services to get more guidance on the specific scenario; see my signature on how to raise a ticket.


Kind regards, Janosch
Receive consultations via Technical Presales and Deployment Services team
Level 1 Contributor

Hi there,

If you want to perform a safe and secure Office 365 tenant-to-tenant migration step by step, then read this comprehensive guide to know the best practices, issues, needs, pre-migration steps, and post-migration steps to execute the entire task without getting into the technicalities of PowerShell scripts.