Sync Azure AD to onPremise AD (user properties)


Hello,

Is it possible with AD Connect to use Azure AD as master? So I would like to do all AD operations in Azure AD, and AD Connect will sync them into the on-premises AD.

Regards

Stefan

6 Replies

No, this isn't possible! You do have writeback features like password writeback and group writeback which will sync back to Active Directory, but otherwise this is not possible.

Adam

Might I ask the use case of this requirement? By the way, the answer here is not to use AD Connect... you should think about an architecture where you have an AD deployed in the cloud (in Azure), synchronized from there to Office 365, and then have a domain controller on-premises that is joined to your cloud AD deployment.

I believe he has a normal AD -> AD Connect -> AAD infrastructure and just wanted to switch around the management role, aka handling users from AAD then syncing to AD! This wouldn’t change with having AD in Azure!
Your scenario is something I’d like to set up soon though :)

Adam

Enter AAD Connect Provisioning Agent 😊

To use this feature, you need Azure AD P1 and a Workday subscription. Please note, this feature is currently in preview.

“The Azure Active Directory user provisioning service integrates with the Workday Human Resources API in order to provision user accounts. Azure AD uses this connection to enable the following user provisioning workflows:

  • Provisioning users to Active Directory - Synchronize selected sets of users from Workday into one or more Active Directory domains.
  • Provisioning cloud-only users to Azure Active Directory - In scenarios where on-premises Active Directory is not used, users can be provisioned directly from Workday to Azure Active Directory using the Azure AD user provisioning service.
  • Writeback of email addresses to Workday - The Azure AD user provisioning service can write the email addresses of Azure AD users back to Workday.”

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/user-provisioning

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/workday-inbound-tutorial

If you’ve found this post helpful, please click the Like button.


Thanks for your responses and help.

I can change mostly everything in the on-premises AD.

But I like the Azure AD UI and like to work in a modern UI.

[Screenshot: 2019-01-07 13_47_53-test - Azure Active Directory admin center.png]

I would like to edit the fields greyed out in the screenshot and sync the information back into the on-premises AD.


Regards

Stefan


Hi, do you know if inbound user provisioning to AD/AAD is coming to SAP SuccessFactors?