Forum Discussion

Piotr-Alpha
Copper Contributor
Jul 06, 2021

Azure Active Directory to Azure AD Domain Services migration/synchronization

Hi,

I have 50 users in Office 365/Azure Active Directory. Because of a new system which we are introducing, I need to migrate or somehow sync the existing Office 365 users to Azure AD Domain Services. I've tried to find any documentation about this scenario but for some reason wasn't able to. Can somebody advise me if this is possible and what is involved, please?

  • pvanberlo
    pvanberlo
    Steel Contributor
    Synchronization (one-way) between Azure AD and Azure AD DS happens automatically. For existing users, it is triggered once a user changes their password, since this also generates the required Kerberos and NTLM hashes which have to be stored in Azure AD DS. For users added after Azure AD DS is enabled, these hashes are created automatically when the new user is added.
    • Piotr-Alpha
      Copper Contributor
      Hi Paul,
      Thank you for your reply.
      Do I understand correctly that synchronization works the opposite way from AD to O365? I mean, I create a user in Office 365 (Azure AD) and then it is synced back to Azure AD DS? And there is nothing else that I need to do to get the existing Office 365 users back into AAD DS?
      • pvanberlo
        Steel Contributor
        Correct. One way. From Azure AD to Azure AD DS.

        So if you're in a hybrid environment, your sync will run from AD DS -> Azure AD using AAD Connect, and then use the one-way sync from Azure AD to Azure AD DS.

        The key is that those hashes need to be available. And if the user already exists in AAD DS, you would have to force the password hash to be synced again from AD DS to AAD.
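The two paths described in the replies, as an added PowerShell example that is not part of the thread and not Microsoft's own script: for cloud-only users, flag selected accounts to change their password at next sign-in so that Azure AD generates the Kerberos/NTLM hashes Azure AD DS needs; for a hybrid tenant, force a full password hash sync from on-premises AD DS to Azure AD. It assumes the Microsoft Graph PowerShell SDK (`Get-MgUser`, `Update-MgUser`) with the `User.ReadWrite.All` permission for the first function, and that the second function runs on the Azure AD Connect server with password hash synchronization already enabled; the ADSync module path and cmdlet names are taken from memory of Microsoft's documented procedure and should be checked against the current Azure AD Connect documentation before use. The function names themselves are made up for this example.

```powershell
# Added example, not from the thread. Assumes the Microsoft.Graph PowerShell SDK
# (Install-Module Microsoft.Graph) and the User.ReadWrite.All permission.

# Cloud-only users (created directly in Azure AD / Office 365): Azure AD DS only
# receives Kerberos/NTLM hashes once the password is next set. Flag the given
# users to change their password at next sign-in. Supports -WhatIf for a dry run.
function Set-CloudOnlyUsersPasswordChange {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string[]] $UserPrincipalName
    )
    Connect-MgGraph -Scopes 'User.ReadWrite.All' | Out-Null
    foreach ($upn in $UserPrincipalName) {
        $u = Get-MgUser -UserId $upn -Property Id,UserPrincipalName,OnPremisesSyncEnabled
        if ($u.OnPremisesSyncEnabled) {
            # A synced user's password lives in on-premises AD DS; the hybrid path below applies.
            Write-Warning "$upn is synced from on-premises AD DS; use Invoke-FullPasswordHashSync instead."
            continue
        }
        if ($PSCmdlet.ShouldProcess($upn, 'Force password change at next sign-in')) {
            Update-MgUser -UserId $u.Id -PasswordProfile @{ ForceChangePasswordNextSignIn = $true }
        }
    }
}

# Hybrid tenant: run on the Azure AD Connect server. Re-sends every user's password
# hash from on-premises AD DS to Azure AD, after which the one-way Azure AD ->
# Azure AD DS sync picks up the regenerated hashes. Assumes password hash sync is
# already enabled in Azure AD Connect; module path and cmdlets as documented by Microsoft.
function Invoke-FullPasswordHashSync {
    Import-Module 'C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1'
    $adConnector  = (Get-ADSyncConnector | Where-Object Type -eq 'AD').Name
    $aadConnector = (Get-ADSyncConnector | Where-Object Type -eq 'Extensible2').Name

    # Mark the on-premises connector so the next password sync cycle is a full one.
    $c = Get-ADSyncConnector -Name $adConnector
    $p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter `
        'Microsoft.Synchronize.ForceFullPasswordSync', String, ConnectorGlobal, $null, $null, $null
    $p.Value = 1
    $c.GlobalParameters.Remove($p.Name)
    $c.GlobalParameters.Add($p)
    $c = Add-ADSyncConnector -Connector $c

    # Toggling password sync off and on triggers the full re-send.
    Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $aadConnector -Enable $false
    Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $aadConnector -Enable $true
}

# Usage (cloud-only tenant like the one in the question): preview first, then apply.
# Set-CloudOnlyUsersPasswordChange -UserPrincipalName 'alice@contoso.example','bob@contoso.example' -WhatIf
# Set-CloudOnlyUsersPasswordChange -UserPrincipalName (Get-Content .\users.txt)
```

Forcing a password change is user-visible, so run the cloud-only function with `-WhatIf` and a short list first; the hash for each account appears in Azure AD DS only after that user actually signs in and sets a new password, which is the behaviour the replies above describe.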
