Hello,

We have enabled Self-Service Password reset for a few contractor accounts on one of our sub domains and one of the requirements is the user to have an Alternate Email Address.  It appears that when a user attempts to access the password reset page they get a message stating that "We Cound Not Verify Your Account". 

When I go into the Azure AD portal, for that particular user account, I see that the Alternate EMail Address field in blank.  If I input an e-mail address in there, then the user is able to proceed with the Self-Service Password reset.

Is there a way to have the Alternate EMail Address field in Azure AD populated from the targetAddress field from our on-prem AD?  The targetAddress in our on-prem AD contains the users "Alternate EMail Address".

I am assuming AzureAD Sync could do it, I am just not familiar with creating custom mappings from on-prem to Azure AD.

Appreciate any feedback or suggestions.