Oct 24 2020 08:03 AM
We have a hybrid environment; our AD server is synced to Azure AD using the Azure connector, and we have OUs for each branch.
Is there any way we can connect to the on-prem AD server to create a user, so that it is added directly to on-prem AD and then, after sync, appears in Azure AD?
Oct 25 2020 11:07 AM
Oct 27 2020 05:34 AM
@Thijs Lecomte is there any connector for the AD server, like the SQL one we have in PowerApps?
Actually, I am using PowerApps for creating new user accounts. When creating users, they are added directly into my Azure AD; instead, I wanted the account to be created in the on-prem AD server, and then the dir sync would propagate the user to Azure. Hope this is clear for you. Or is an API a must?
Oct 27 2020 05:44 AM
@Syed Rabbani I am not sure about PowerApps. However, you can use a PowerShell script to create the user on premises and then sync it to Azure AD. Look at the below examples for more info.
Oct 29 2020 11:23 AM
I think for your case, you need to look into Azure Automation and Hybrid Workers.
Oct 30 2020 04:43 AM
Hi @Syed Rabbani ,
I assume you are aware that the synchronization between on-prem AD (source) and Azure AD (target) using AAD Connect is (predominantly) a one-way sync. You still have a possibility to create identities directly in AAD (Portal, PowerShell, API), but these are "cloud-only", and they won't show up in your on-prem AD.
Most enterprises have some 'Identity and Access Management' system on-prem, where typically an HR system is the source of user information and the IAM system creates the respective user accounts (and groups) in AD, which in turn is synced to AAD (should you choose to configure it this way).
If your question was about creating those "source" identities in AD, then apart from some integration with another source system (as I mentioned above) you have traditional options like MMC console, and Active Directory PowerShell.
You could use Azure Automation with a Hybrid Runbook Worker and have a runbook in place that would (provided it has appropriate rights in your AD) create new accounts in AD (and AADC would sync them afterwards to AAD), but the remaining question is: what would be the data source for such automation? The runbook would need some input about user properties that you would need to provide.
How are you planning to handle this part?
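Putting the PowerShell suggestion and the Hybrid Runbook Worker idea from the replies above together, here is an added example (not code from any poster in this thread) of a runbook-style script that takes the user properties as parameters, creates the account in a branch OU on-prem, and then triggers an AAD Connect delta sync. The domain `contoso.local`, UPN suffix `contoso.com`, OU paths and AADC server name `AADC01` are placeholders.

```powershell
# Added example (not from the thread): runbook-style script for a Hybrid Runbook
# Worker that creates a user in a branch OU on-prem, then asks the AAD Connect
# server for a delta sync so the account shows up in Azure AD within minutes.
# Placeholders: domain contoso.local, UPN suffix contoso.com, AADC server AADC01.
param(
    [Parameter(Mandatory)] [ValidatePattern('^[A-Za-z-]+$')] [string] $GivenName,
    [Parameter(Mandatory)] [ValidatePattern('^[A-Za-z-]+$')] [string] $Surname,
    [Parameter(Mandatory)] [string] $Branch,
    [string] $UpnSuffix = 'contoso.com'   # must be a verified domain in the tenant
)
Import-Module ActiveDirectory

# Allow-list of branch OUs: the runbook only ever writes into these containers,
# never into a DN supplied by the caller.
$branchOUs = @{
    'London' = 'OU=Users,OU=London,DC=contoso,DC=local'
    'Dubai'  = 'OU=Users,OU=Dubai,DC=contoso,DC=local'
}
if (-not $branchOUs.ContainsKey($Branch)) { throw "Unknown branch '$Branch'" }

# Names are already restricted to letters and hyphens, so they are safe to embed
# in the filter below.
$sam = ('{0}.{1}' -f $GivenName, $Surname).ToLower()
if ($sam.Length -gt 20) { throw "sAMAccountName '$sam' exceeds 20 characters" }
if (Get-ADUser -Filter "SamAccountName -eq '$sam'") { throw "$sam already exists" }

# Random initial password from a CSPRNG; the user must change it at first logon.
# No password is hard-coded or logged by this script.
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$bytes = New-Object byte[] 24
$rng.GetBytes($bytes)
$securePwd = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force

New-ADUser -Name "$GivenName $Surname" -GivenName $GivenName -Surname $Surname `
    -SamAccountName $sam -UserPrincipalName "$sam@$UpnSuffix" `
    -Path $branchOUs[$Branch] -AccountPassword $securePwd `
    -Enabled $true -ChangePasswordAtLogon $true

# Kick off a delta sync instead of waiting for the scheduled 30-minute cycle.
# The ADSync module exists only on the AAD Connect server, hence the remote call;
# the worker's identity needs PowerShell Remoting rights on that host.
Invoke-Command -ComputerName 'AADC01' -ScriptBlock {
    Import-Module ADSync
    Start-ADSyncSyncCycle -PolicyType Delta
}
# Return what the caller (PowerApps, an HR feed, ...) needs to track the request.
# Initial-password delivery to the user is a separate, audited step, not shown here.
[pscustomobject]@{ SamAccountName = $sam; UPN = "$sam@$UpnSuffix"; OU = $branchOUs[$Branch] }
```

If the UPN suffix is not a verified domain in the tenant, AAD Connect rewrites it to the tenant's default `.onmicrosoft.com` suffix during sync, so check that before wiring this into an automated flow.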