Home

On prem AD to Azure sync

%3CLINGO-SUB%20id%3D%22lingo-sub-824633%22%20slang%3D%22en-US%22%3EOn%20prem%20AD%20to%20Azure%20sync%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-824633%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20there%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20currently%20run%20an%20on-premise%202016%20AD%20server%20as%20well%20as%20a%20completely%20separate%20Azure%20AD%20with%200365%20integration.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20know%20I%20can%20connect%20the%20two%20with%20the%20%22Azure%20AD%20Connector%22%20tool%20however%20when%20I%20tried%20this%20out%20on%20a%20test%20domain%20I%20found%20that%20it%20duplicated%20entries%20rather%20than%20merge%20existing%20ones%20together.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20any%20way%20so%20that%20I%20can%20merge%20my%20on-premise%20with%20my%20Azure%20so%20that%20I%20have%20a%20single%20management%20pane%20rather%20than%20having%20to%20create%2Fmodify%20users%20in%20two%20separate%20places.%26nbsp%3B%20Ultimately%20my%20aim%20is%20to%20be%20able%20to%20create%20a%20user%20on-prem%20and%20it%20gets%20sync'd%20to%20Azure%20with%20a%20new%20O365%20account%20and%20email%20address%20set%20up%20automatically.%26nbsp%3B%20Is%20this%20possible%20and%20if%20so%20how%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFirst%20though%20I%20need%20to%20be%20able%20to%20merge%20the%20two%20databases%20into%20one%20seamless%20operation%20rather%20than%20having%20the%20two%20duplicated%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMany%20thanks%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EStuart%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-824633%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EConnector%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EO365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EServer%202016%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-824869%22%20slang%3D%22en-US%22%3ERe%3A%20On%20prem%20AD%20to%20Azure%20sync%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-824869%22%20slang%3D%22en-US%22%3E%3CP%3ETo%20%22match%22%20the%20on-premises%20objects%20against%20already%20created%20cloud%20ones%2C%20you%20have%20two%20options%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E1)%20Soft%20match%2C%20based%20on%20SMTP%20address%3A%26nbsp%3B%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3E%3CA%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F2641663%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fsupport.microsoft.com%2Fkb%2F2641663%3C%2FA%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E2)%20Hard%20match%2C%20based%20on%20objectID%3A%26nbsp%3B%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3E%3CA%20href%3D%22http%3A%2F%2Fblogs.technet.com%2Fb%2Fpraveenkumar%2Farchive%2F2014%2F04%2F12%2Fhow-to-do-hard-match-in-dirsync.aspx%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fblogs.technet.com%2Fb%2Fpraveenkumar%2Farchive%2F2014%2F04%2F12%2Fhow-to-do-hard-match-in-dirsync.aspx%3C%2FA%3E%3C%2FFONT%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-843821%22%20slang%3D%22en-US%22%3ERe%3A%20On%20prem%20AD%20to%20Azure%20sync%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-843821%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMany%20thanks%20for%20that%20-%20would%20it%20be%20a%20case%20that%20once%20all%20setup%20and%20working%2C%20I%20would%20be%20able%20to%20create%20a%20new%20user%20on-prem%20(name%2C%20username%2C%20email%20addr)%20and%20when%20the%20sync%20is%20finished%20with%20the%20Connector%20it%20would%20create%20the%20new%20user%20in%20AAD%20and%20create%20a%20new%20inbox%20within%20O365%2FExchange%20Online%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-849004%22%20slang%3D%22en-US%22%3ERe%3A%20On%20prem%20AD%20to%20Azure%20sync%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-849004%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20user%2C%20yes.%20The%20mailbox%2C%20depends%20on%20how%20you%20provision%20things%20on-premises%2C%20you%20will%20need%20to%20use%20the%20relevant%20Exchange%20cmdlets.%20Or%2C%20simply%20license%20the%20user%20once%20it's%20created%20in%20O365.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Stuart-Jolley
New Contributor

Hi there,

 

We currently run an on-premise 2016 AD server as well as a completely separate Azure AD with 0365 integration.

 

I know I can connect the two with the "Azure AD Connector" tool however when I tried this out on a test domain I found that it duplicated entries rather than merge existing ones together.

 

Is there any way so that I can merge my on-premise with my Azure so that I have a single management pane rather than having to create/modify users in two separate places.  Ultimately my aim is to be able to create a user on-prem and it gets sync'd to Azure with a new O365 account and email address set up automatically.  Is this possible and if so how?

 

First though I need to be able to merge the two databases into one seamless operation rather than having the two duplicated 

 

Many thanks

 

Stuart

3 Replies

To "match" the on-premises objects against already created cloud ones, you have two options:

 

1) Soft match, based on SMTP address: http://support.microsoft.com/kb/2641663

2) Hard match, based on objectID: http://blogs.technet.com/b/praveenkumar/archive/2014/04/12/how-to-do-hard-match-in-dirsync.aspx

@Vasil Michev 

Many thanks for that - would it be a case that once all setup and working, I would be able to create a new user on-prem (name, username, email addr) and when the sync is finished with the Connector it would create the new user in AAD and create a new inbox within O365/Exchange Online?

The user, yes. The mailbox, depends on how you provision things on-premises, you will need to use the relevant Exchange cmdlets. Or, simply license the user once it's created in O365.

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies