Home

On prem AD to Azure sync

%3CLINGO-SUB%20id%3D%22lingo-sub-824633%22%20slang%3D%22en-US%22%3EOn%20prem%20AD%20to%20Azure%20sync%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-824633%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20there%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20currently%20run%20an%20on-premise%202016%20AD%20server%20as%20well%20as%20a%20completely%20separate%20Azure%20AD%20with%200365%20integration.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20know%20I%20can%20connect%20the%20two%20with%20the%20%22Azure%20AD%20Connector%22%20tool%20however%20when%20I%20tried%20this%20out%20on%20a%20test%20domain%20I%20found%20that%20it%20duplicated%20entries%20rather%20than%20merge%20existing%20ones%20together.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20any%20way%20so%20that%20I%20can%20merge%20my%20on-premise%20with%20my%20Azure%20so%20that%20I%20have%20a%20single%20management%20pane%20rather%20than%20having%20to%20create%2Fmodify%20users%20in%20two%20separate%20places.%26nbsp%3B%20Ultimately%20my%20aim%20is%20to%20be%20able%20to%20create%20a%20user%20on-prem%20and%20it%20gets%20sync'd%20to%20Azure%20with%20a%20new%20O365%20account%20and%20email%20address%20set%20up%20automatically.%26nbsp%3B%20Is%20this%20possible%20and%20if%20so%20how%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFirst%20though%20I%20need%20to%20be%20able%20to%20merge%20the%20two%20databases%20into%20one%20seamless%20operation%20rather%20than%20having%20the%20two%20duplicated%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMany%20thanks%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EStuart%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-824633%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EConnector%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EO365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EServer%202016%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-824869%22%20slang%3D%22en-US%22%3ERe%3A%20On%20prem%20AD%20to%20Azure%20sync%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-824869%22%20slang%3D%22en-US%22%3E%3CP%3ETo%20%22match%22%20the%20on-premises%20objects%20against%20already%20created%20cloud%20ones%2C%20you%20have%20two%20options%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E1)%20Soft%20match%2C%20based%20on%20SMTP%20address%3A%26nbsp%3B%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3E%3CA%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F2641663%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fsupport.microsoft.com%2Fkb%2F2641663%3C%2FA%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E2)%20Hard%20match%2C%20based%20on%20objectID%3A%26nbsp%3B%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3E%3CA%20href%3D%22http%3A%2F%2Fblogs.technet.com%2Fb%2Fpraveenkumar%2Farchive%2F2014%2F04%2F12%2Fhow-to-do-hard-match-in-dirsync.aspx%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fblogs.technet.com%2Fb%2Fpraveenkumar%2Farchive%2F2014%2F04%2F12%2Fhow-to-do-hard-match-in-dirsync.aspx%3C%2FA%3E%3C%2FFONT%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-843821%22%20slang%3D%22en-US%22%3ERe%3A%20On%20prem%20AD%20to%20Azure%20sync%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-843821%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMany%20thanks%20for%20that%20-%20would%20it%20be%20a%20case%20that%20once%20all%20setup%20and%20working%2C%20I%20would%20be%20able%20to%20create%20a%20new%20user%20on-prem%20(name%2C%20username%2C%20email%20addr)%20and%20when%20the%20sync%20is%20finished%20with%20the%20Connector%20it%20would%20create%20the%20new%20user%20in%20AAD%20and%20create%20a%20new%20inbox%20within%20O365%2FExchange%20Online%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-849004%22%20slang%3D%22en-US%22%3ERe%3A%20On%20prem%20AD%20to%20Azure%20sync%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-849004%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20user%2C%20yes.%20The%20mailbox%2C%20depends%20on%20how%20you%20provision%20things%20on-premises%2C%20you%20will%20need%20to%20use%20the%20relevant%20Exchange%20cmdlets.%20Or%2C%20simply%20license%20the%20user%20once%20it's%20created%20in%20O365.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Stuart-Jolley
New Contributor

Hi there,

 

We currently run an on-premise 2016 AD server as well as a completely separate Azure AD with 0365 integration.

 

I know I can connect the two with the "Azure AD Connector" tool however when I tried this out on a test domain I found that it duplicated entries rather than merge existing ones together.

 

Is there any way so that I can merge my on-premise with my Azure so that I have a single management pane rather than having to create/modify users in two separate places.  Ultimately my aim is to be able to create a user on-prem and it gets sync'd to Azure with a new O365 account and email address set up automatically.  Is this possible and if so how?

 

First though I need to be able to merge the two databases into one seamless operation rather than having the two duplicated 

 

Many thanks

 

Stuart

3 Replies

To "match" the on-premises objects against already created cloud ones, you have two options:

 

1) Soft match, based on SMTP address: http://support.microsoft.com/kb/2641663

2) Hard match, based on objectID: http://blogs.technet.com/b/praveenkumar/archive/2014/04/12/how-to-do-hard-match-in-dirsync.aspx

@Vasil Michev 

Many thanks for that - would it be a case that once all setup and working, I would be able to create a new user on-prem (name, username, email addr) and when the sync is finished with the Connector it would create the new user in AAD and create a new inbox within O365/Exchange Online?

The user, yes. The mailbox, depends on how you provision things on-premises, you will need to use the relevant Exchange cmdlets. Or, simply license the user once it's created in O365.

Related Conversations
Calendar not available for older AD accounts
_jancis in Microsoft Teams on
0 Replies
Azure Files with adfs
Stephane KLOIS in Azure on
0 Replies
OneDrive date modified without changing the file
RahamimL in OneDrive for Business on
4 Replies
OneDrive stuck on "getting in sync" icons
Susan McClements in OneDrive for Business on
46 Replies
Custom max size file limit?
Americo Perez in OneDrive for Business on
5 Replies