Domain names mapped by Azure AD are not synced to the ones mapped from Active Directory

Created On 10/24/24 12:00 PM - Last Modified 10/21/25 11:17 AM


Symptom


Domains that CIE maps from Azure AD are presented as xxxx.onmicrosoft.com and are not synced with the AD domain used locally.



Environment


  • All PAN-OS environments
  • Cloud Identity Engine (CIE)
  • Azure Active Directory (Azure AD)


Cause


  • CIE itself cannot rename the domains that it maps.
  • CIE can only modify the values that are collected (see Attributes).
  • Domain xxxx.onmicrosoft.com is the default domain that is assigned once the Azure tenant is created.


Resolution


A Custom Domain ID must be created to ensure it matches the Azure AD domain ID used within your local environment.

 



Additional Information


Add-custom-domain

 

 

