I've been looking for an answer to this here and in other places, but I can't seem to find one.
I have a client with a single on-prem Active Directory domain. One forest, one domain. There are other on-prem servers which use it for authentication. Client software also uses AD for authentication.
I am setting them up with Office 365 for e-mail and other services, and I don't want them to have to manage their domain and Azure accounts separately. I'll be using Azure AD to keep them in sync.
The on-prem domain uses a subdomain of the company's public domain (i.e. ad.company.com) which is not in the public DNS record, and I want their e-mail addresses and Azure accounts to be person@company.com. Is there something special I need to do for this to work? Are there any pitfalls I need to be aware of?
Thanks!
Best Answer
No. It just works. It's not uncommon for organisations to have different DNS namespaces for their AD and SMTP domains so you're not on your own here.
There's literally no trick or workaround required, just set it up and it works. In our org we synced from a DC in a child domain to Azure and Office 365 for mail. We have another domain in the forest also doing the same. Their domain is at least in the same namespace as the SMTP domain (even though it's not the same sub-domain), ours isn't in in the same namespace. Both work fine.
There are some other considerations if you have a setup like this (i.e. multiple tenants in the same forest), but for what you're doing it sounds like it's not going to be a problem.
TL;DR it's not even a consideration. It will be fine.