On-prem AD account creation in a Hybrid Enivornment

Question

We are having Hybrid environment our AD server will be sync using Azure connector to Azure AD, and we have OUs for each branch,

Is their any way we can Connect on-prem AD server to create a user so that it can directly added to On-prem then after sync it should appear in Azure AD

thijs lecomte · Answer

Not sure what the question is here?You can specify filter settings with AAD Connect. Every user will be sync'ed to AAD.You need to create the user in AD first before it syncs to AAD

syed rabbani · Answer

Thijs Lecomte&nbsp; is there any connector for AD server like SQL we have in powerapps?actually i am using powerapp for creating new user accounts, when creating users it directly added in to my Azure, instead i wanted the account to be create in on-prem AD server, then the&nbsp; dir sync will propagate the user in the Azure. hope this is clear for you. or API is a must..

arpit720 · Answer

Syed Rabbani&nbsp;I am not sure about PowerApps. However, you can use PowerShell script to create user on premises and then sync to Azure AD. Look at below examples for more infohttps://gallery.technet.microsoft.com/office/Onboarding-New-Users-in-an-706f5efd#contenthttps://www.itpromentor.com/bulk-hybrid-user/&nbsp;

thijs lecomte · Answer

Syed Rabbani&nbsp;I think for your case, you need to look into Azure Automation and Hybrid Workershttps://docs.microsoft.com/en-us/azure/automation/automation-hybrid-runbook-worker

pazdedav · Answer

Hi&nbsp;Syed Rabbani&nbsp;,&nbsp;I assume you are aware that the synchronization between on-prem AD (source) and Azure AD (target) using AAD Connect is (predominantly) a one-way sync. You still have a possibility to create identities directly in AAD (Portal, PowerShell, API), but these are "cloud-only", and they won't show up in your on-prem AD.&nbsp;Most enterprises have some 'Identity and Access Management' system on-prem, where typically an HR system is a source of user information and the IAM system is creating respective user accounts (and groups) in AD, which in turn is synced to AAD (should you choose to configure it this way).&nbsp;If your question was about creating those "source" identities in AD, then apart from some integration with another source system (as I mentioned above) you have traditional options like MMC console, and Active Directory PowerShell.&nbsp;You could use Azure Automation with Hybrid Runbook Worker and have a runbook in place that would (pending it has appropriate rights in your AD) create new accounts in AD (and AADC would sync it afterwards to AAD), but the remaining question is: what would be the data source for such automation? The runbook would need some input about user properties that you would need to provide.&nbsp;How are you planning to handle this part?&nbsp;

Forum Discussion

On-prem AD account creation in a Hybrid Enivornment

5 Replies

Resources