Does the Internal Domain need to Match the External Domain Name? Office 365

Does the internal domain need to match the external domain name for Office 365 to work? The short answer is NO. The long answer is that you will have to add a UPN suffix that matches your external domain name to Active Directory. You will also have to train your users to log in with the complete UPN account address when logging into the internal domain.


External Domain Name –

Internal Domain Name – office365support.local


Before adding the ADFS and Directory Sync services, we need to add the domain as a UPN suffix to Active Directory.

Adding a UPN Suffix to a Forest

  1. Open Active Directory Domains and Trusts.
  2. Right-click Active Directory Domains and Trusts in the Tree window pane, and then click Properties.
  3. On the UPN Suffixes tab, type the new UPN suffix that you would like to add to the forest.
  4. Click Add, and then click OK.


Once this is complete, we have to update the user account.

Change the UPN suffix on the user account

  1. Double-click the user name in the search results, and then click the Account tab.
  2. Under User logon name, note the domain part of user logon name. This is known as the UPN suffix.


Now that we have the UPN suffix added to Active Directory and changed on the user account, we can set up ADFS and Directory Sync.

To take advantage of single sign on, the users on the domain will now need to sign into the domain with the complete UPN account name.

Login Name:


This also brings up another best practice from Microsoft.

Keep it simple for the users. Make sure the UPN account name, the email address and the Lync SIP address are all the same.

UPN Account Name –

Email Address –

Lync SIP Address –

Since the accounts look the same to the end user, make sure they are the same to avoid confusion at the user level.
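
The two procedures above (adding the UPN suffix to the forest, then changing it on user accounts) and the check that UPN, email and Lync SIP address agree can also be scripted. This is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module, an AD schema extended for Lync (for the `msRTCSIP-PrimaryUserAddress` attribute), and uses `example.com` as a placeholder for the external domain.

```powershell
# Added example. Needs the ActiveDirectory module (RSAT) and rights to edit the forest.
Import-Module ActiveDirectory

$InternalSuffix = 'office365support.local'  # internal domain name used in this post
$ExternalSuffix = 'example.com'             # placeholder: your verified external domain

# 1. Add the external domain as a UPN suffix on the forest, if not already present.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $ExternalSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $ExternalSuffix }
}

# 2. Move every user still on the internal suffix to the external one.
$users = Get-ADUser -Filter "UserPrincipalName -like '*@$InternalSuffix'"
foreach ($u in $users) {
    $prefix = ($u.UserPrincipalName -split '@')[0]
    $newUpn = "$prefix@$ExternalSuffix"
    $quoted = $newUpn -replace "'", "''"    # escape quotes for the AD filter

    # A UPN must be unique in the forest; skip and report collisions.
    if (Get-ADUser -Filter "UserPrincipalName -eq '$quoted'") {
        Write-Warning "Skipping $($u.SamAccountName): $newUpn is already in use"
        continue
    }
    # -WhatIf only previews the change. Remove it once the preview looks right.
    Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf
}

# 3. After the change is applied, list accounts whose UPN, email address and
#    Lync SIP address are not all the same (accounts without a SIP address
#    are only compared on UPN and email).
Get-ADUser -Filter "UserPrincipalName -like '*@$ExternalSuffix'" `
           -Properties mail, 'msRTCSIP-PrimaryUserAddress' |
    ForEach-Object {
        $sip = $_.'msRTCSIP-PrimaryUserAddress' -replace '^sip:', ''
        [pscustomobject]@{
            SamAccountName = $_.SamAccountName
            UPN            = $_.UserPrincipalName
            Email          = $_.mail
            SIP            = $sip
            Consistent     = ($_.UserPrincipalName -eq $_.mail) -and
                             (-not $sip -or $sip -eq $_.UserPrincipalName)
        }
    } |
    Where-Object { -not $_.Consistent } |
    Format-Table -AutoSize
```

Run steps 1 and 2 before setting up ADFS and Directory Sync so that accounts are synchronized with the external suffix from the start.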


Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps

Office 365 MVP


5 thoughts on “Does the Internal Domain need to Match the External Domain Name? Office 365”

  1. roy


    I can see that our organisation uses a different UPN suffix for the ‘User logon Name’ attribute in AD than the one in the SIP field,
    and this tends to bring confusion most of the time for external users.
    Is there a way to simplify this issue?



    1. Kelsey Epps Post author

      This is a common problem and one that isn’t fixed easily. Microsoft does the same thing and it’s really annoying.

  2. Pingback: Office 365 SSO - UPN Suffix Questions

  3. Alain Arnold

    Hi Kelsey

    Thanks for your post. I have a little question for you. In our environments, we use a public domain intern with an Exchange Server 2007. I already created the DNS records in both DNS servers (intern and extern), but Outlook doesn’t connect with Exchange Online, it always connects with our on-premise Exchange. How can I fix this problem? When I try it extern from our environments it works fine.

