You want each of your on-premises Active Directory accounts to match an Azure AD account, because the UPN for both accounts must be the same.

The cloud services know only about accounts within Azure AD. It doesn’t matter if you add an account in your on-premises Active Directory. If the account doesn’t exist in Azure AD, it can’t be used.

There are different ways to match your on-premises Active Directory accounts with Azure AD:

Add accounts manually to Azure AD

Create an account on the Azure portal or within the Microsoft 365 admin center. Make sure the account name matches the UPN of the on-premises Active Directory account.

Use the Azure Active Directory Connect tool to synchronize local accounts to your Azure AD tenant

The Azure AD Connect tool provides options for directory synchronization and authentication setup. These options include password hash sync, pass-through authentication, and federation. If you’re not a tenant admin or a local domain admin, contact your IT admin to get Azure AD Connect configured.

Azure AD Connect ensures that your Azure AD UPN matches your local Active Directory UPN. This matching helps if you’re using Analysis Services live connections with Power BI or single sign-on (SSO) capabilities.

Last modified: Sep 29, 2020


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment