Azure AD - users created in portal not syncing with VM users


Hi,

I've added Azure AD Domain Services to a virtual machine and set up a domain controller; I've also installed AD Connect.

If I create a User "Locally" on the VM, and use AD Connect to "force" sync, the user is added to my AD and I can see them in the Azure Portal. However, I cannot get this to work the other way - a user created in the portal doesn't ever get added on the virtual machine.

Are my expectations wrong? I was thinking that because I've set up the AD Domain Services and Forest on the VM for the domain controlled in the Azure AD, it would work. What might I have missed?

Grateful for any help - very new to this, so may be completely barking up the wrong tree.

1 Reply
Hi,
If you are referring to the sync process, the object sync is always one way. That’s from on-premises AD to Azure AD.
If I’m correct, Azure ADDS is looking at the local AD, so the user should be first created in the local AD and then you can assign permissions or add to the VM by using Azure ADDS.
Hope this helps.