When using Dirsync between your Active Directory and Office 365, it is very useful to be able to use a custom User Principle Name (UPN) so that you can use your email address for sign ins on both sides (rather than having a separate username for Active Directory).
In fact, if you are going to set up single sign on, then this is going to be a requirement. For example, if your local active directory user is email@example.com and your company email address domain is firstname.lastname@example.org, then it is extra convenient be able to sign in both locally and to Office 365 using just your email address.
Set up a custom User Principle Name in Active Directory ready for Office 365
To begin setting this up, log onto a domain controller for the xyz.local domain, open “Active Directory Domains and Trusts”, then within the MMC window, right click on “Active Directory Domains and Trusts” and hit properties. This will open a window that will allow you to add “alternate UPN suffixes”. Add in the UPN suffix of your external domain. In this case, we will add in xyzcorp.com as the suffix.
You will now have to edit all of your users that you will be syncing to use this new UPN (in this example, email@example.com). On the domain controller, open up “Active Directory Users and Computers” and navigate to the users you want to change over. To change each user, double click on them to open their properties, then click to the “account” tab. Next to the “username” box is their suffix (which right now will be @xyz.local). Drop down the box and change it to the new UPN you just created – xyzcorp.com. Do that for all users that will be using ADFS.
Multiple Select of Users in Active Directory
I should mention you can also do this for multiple users at once by selecting all of the users, right clicking, going to “properties”, and then editing the UPN suffix from the mutltiple select properties page.
Now that you have changed the UPN for firstname.lastname@example.org to email@example.com, (and assuming you have dirsync set up and running) you can now sign onto both the Active Directory side and the Office 365 side using the same email address and password.
Much simpler for your users to remember just one logon ID which also happens to be their email address!