Microsoft Azure AD provides extensive set of features and many organization looking at it as an opportunity for IAM solutions. However, organizations are leveraging it with Microsoft cloud offerings and syncing their on-premises identities with Microsoft Azure AD. (Note: If you want to know more about “how to sync on-premises AD with Azure AD”, look at #AzureAD : Azure AD Connect.)
When any organization does this kind of implementation, they always try to make sure that end-user will not have any affect. When you sync your on-premises AD with Azure AD, you observe that the username (original UPN) changes to username@<uniquedomainname>.onmicrosoft.com but this change impact the user behavior.
Look at the “Initial domain name” that becomes <initialdomainname.onmicrosoft.com>
Because of this change, your user has to remember one more UPN (user principle name). To avoid these complexity, you can use custom domain name features in Azure AD.
Login to Azure AD Portal https://aad.portal.azure.com
Go to the Azure Active Directory.
Go to the Custom domain names.
Now, you can observe that there are two domain names. First one is your on-premises domain name (in my scenario: insidemstech.local) and another one your Azure AD custom domain name (in my case: insidemstechaad.onmicrosoft.com). If you can recall your hybrid configuration, you had observer “Not Verified” status in Azure AD sign-in configuration wizard.
Look, how does it appears in Azure AD Connect configuration.
Now, if it is your public domain name and DNS records exist for this domain, then you can just click on your on-premises domain name and can verify this domain by using TXT record.
Once, you are done with the verification then status of your on-premises domain name will change from unverified to verified and now your users can use the same on-premises UPN to login to the cloud services.