Windows Server Summit 2024
Mar 26 2024 08:00 AM - Mar 28 2024 04:30 PM (PDT)
Microsoft Tech Community
LIVE
SOLVED

Sync Office 365 users to new on premises AD

Copper Contributor

Hello all,

 

We are about to create a new on premises AD domain in a company who already had Office 365, and now they want to manage internal infrastructure. We have found several resources on how to do it, however there are some gray areas:

1. Is there a way, when syncing office 365 users to on prem. to allow the users to keep their (already known) Office 365 password to login to their workstations?

2. What do we need to do after to have Azure AD sync for the local AD and the O365 (keep in mind that we are looking to use the free Azure AD, based on our Office 365 subscriptions).

 

Thanks in advance

 

Best regards

 

K

6 Replies

Sync is one-directional only, *from* on-premises AD to Azure AD. You cannot do it in the other direction. The usual workaround is to export/import the objects via PowerShell or use third-party tools that do the same.

Thank you very much @Vasil Michev 

One area of concern: what happens to Office 365 users that I choose not to sync from on premises AD > Office 365 AD?

To be more specific, I dont need all the users of the Office 365 AD to be a part of the on premises AD, so when I got a csv from Office 365 AD, I did not import all the users in the local AD.

What will happen to those users after the first initial sync? WIll they be deleted from Office 365 AD or remain "cloud-only"?

 

Best regards

 

K

Nothing will be deleted.

Thank you very much @Vasil Michev 

So those users will remain as "cloud-only"?

 

Best regards

 

K

best response confirmed by costasppc (Copper Contributor)
Solution

Yes, unless they get matched with an on-premises object (based on Primary SMTP address/UPN).

Thank you @Vasil Michev 

What I noticed is this: when the user is moved to a non-syncing OU, its moved to Deleted Users of Office 365 after next delta sync. When the user is restored, its password need to be changed in order to become cloud-only.

 

Best regards

 

K

1 best response

Accepted Solutions
best response confirmed by costasppc (Copper Contributor)
Solution

Yes, unless they get matched with an on-premises object (based on Primary SMTP address/UPN).

View solution in original post