Jun 17 2020 07:43 PM
Hi
My company has had Azure AD with users using Office 365 accounts for quite some time. Now we have deployed on-premises Windows Server Active Directory.
My requirement is to sync Azure AD back to on-premises Windows AD.
Can someone please help with whether this is possible, and if so, how to do it?
Regards
Jun 17 2020 11:19 PM
Hi, so the process of Azure AD Connect works only from on-premises to the cloud. Whilst it is capable of things like password writeback and device writeback, you cannot create users in Azure AD and sync them back to on-premises AD.
What you will need to do is as follows:
1) Ideally install an Exchange on-premises management server to manage attributes, as the source of authority is going to be on-premises AD. You can get a free Exchange 2016 hybrid licence key if you have Office 365 Enterprise licences for your users.
2) Set up your on-premises AD objects with the same UPN and SMTP addresses that are set in Azure AD.
3) Set up Azure AD Connect to use SMTP matching and synchronise your AD to Azure AD.
You can find further information on the process below:
https://gallery.technet.microsoft.com/office/Immutableid-Hard-Match-in-d3518b08
Hope this helps
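As an added example (not code from this thread or from Microsoft's linked guidance), a PowerShell pre-flight check for steps 2 and 3: it reports, per on-premises user, whether the UPN and primary SMTP line up with the existing cloud account and whether that cloud account is still unanchored, already matched, or anchored to a different ImmutableId, so conflicts are caught before the first sync. It assumes the ActiveDirectory and MSOnline modules (the module used by hard-match guidance of that era), a placeholder OU, and an already signed-in admin.

```powershell
# Added example, not from the thread: pre-flight report for hard matching
# on-prem AD users to existing cloud users before Azure AD Connect is enabled.
# Assumes the ActiveDirectory and MSOnline modules and an admin session.
Import-Module ActiveDirectory
Import-Module MSOnline
Connect-MsolService

function Get-ImmutableIdFromGuid {
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    # Azure AD Connect's default sourceAnchor is the base64 of the objectGUID bytes
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function Get-HardMatchReport {
    param([string]$SearchBase = 'OU=Users,DC=corp,DC=example')  # placeholder OU, adjust
    $users = Get-ADUser -Filter 'mail -like "*"' -SearchBase $SearchBase -Properties mail, proxyAddresses
    foreach ($u in $users) {
        $expected = Get-ImmutableIdFromGuid $u.ObjectGUID
        $cloud = Get-MsolUser -UserPrincipalName $u.UserPrincipalName -ErrorAction SilentlyContinue
        # Primary SMTP address of the cloud object (uppercase "SMTP:" prefix marks primary)
        $cloudSmtp = ($cloud.ProxyAddresses | Where-Object { $_ -clike 'SMTP:*' }) -replace '^SMTP:'
        $status = if (-not $cloud) { 'NoCloudUser: sync will create a new account' }
                  elseif ($cloud.ImmutableId -eq $expected) { 'AlreadyMatched' }
                  elseif ($cloud.ImmutableId) { 'CONFLICT: cloud user anchored to another object' }
                  elseif ($cloudSmtp -ne $u.mail) { 'SMTP mismatch: fix on-prem mail first' }
                  else { 'ReadyToMatch' }
        [pscustomobject]@{
            UPN                 = $u.UserPrincipalName
            OnPremMail          = $u.mail
            CloudMail           = $cloudSmtp
            ExpectedImmutableId = $expected
            CloudImmutableId    = $cloud.ImmutableId
            Status              = $status
        }
    }
}

# Review the report first; only then stamp the ImmutableId on 'ReadyToMatch' users.
$report = Get-HardMatchReport
$report | Format-Table -AutoSize
# $report | Where-Object Status -eq 'ReadyToMatch' | ForEach-Object {
#     Set-MsolUser -UserPrincipalName $_.UPN -ImmutableId $_.ExpectedImmutableId
# }
```

Any row marked CONFLICT means a cloud account is already bound to a different directory object; resolve that before running the sync, or the on-premises object will not join to the intended mailbox.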
Nov 25 2022 06:51 PM
I would suggest having your plan first: are you going to authenticate from local AD or AAD? Is SSO required? If yes, SSO with AAD or local AD?
Please refer to the URL below for your planning:
https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/identity/azure-ad