Azure AD Connect: Synchronize online to on-prem

RELIANET 1 Reputation point
2020-11-24T13:25:55.857+00:00

Hello,

I have the following situation: I have a customer that already has Office 365, and a new on-prem Active Directory will be set up.
I already know that AD Connect only synchronizes one way.

https://www.slashadmin.co.uk/how-to-sync-an-existing-office365-tenant-into-a-new-active-directory-domain/

And most likely I will have to do something like the above (maybe PowerShell scripts).

Is there another way to accomplish this using AD connect tool?

Thanks.


1 answer

  1. James Hamil 24,481 Reputation points Microsoft Employee
    2020-11-25T21:22:51.787+00:00

    From @Vasil Michev:

    Synchronization is one-way, from AD to Azure AD/Office 365. There are only a few attributes that can be written back, and that's mostly for hybrid configurations, and passwords if you have the corresponding feature (and licenses) enabled.

    There is no built-in functionality that syncs users from Azure AD to on-premises AD. If that's what you are after, you can simply export the list of users via PowerShell (Get-MsolUser/Get-AzureADUser) or the Graph API, along with any relevant attributes, then use the exported data to recreate them in AD (again, PowerShell helps). You cannot export passwords. Once the export/import is done, you can "match" the on-premises users with the cloud ones and give them the SSO experience. The process is known as soft-match: https://support.microsoft.com/en-us/help/2641663/use-smtp-matching-to-match-on-premises-user-accounts-to-office-365

    Hope this helps!

    Best,
    James
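
The export/recreate/soft-match procedure described in the answer above, written out as an added PowerShell example (this is not code from the original post or from Microsoft). It assumes the AzureAD module on the exporting machine, the ActiveDirectory RSAT module on a domain-joined machine, a pre-created OU `OU=Migrated,DC=contoso,DC=local`, and that the tenant's verified domain `contoso.com` is also the UPN suffix used on-prem; all of those names are assumptions. Since cloud passwords cannot be exported, each recreated account gets a random temporary password and is forced to change it at first logon.

```powershell
# Added example, not from the original post. Cloud side: export the users that should
# later be soft-matched. Guests and *.onmicrosoft.com accounts are excluded on purpose.
Connect-AzureAD | Out-Null

$export = Get-AzureADUser -All $true |
    Where-Object {
        $_.UserType -eq 'Member' -and                       # skip B2B guests
        $_.UserPrincipalName -notlike '*.onmicrosoft.com'   # skip cloud-only admin/service accounts
    } |
    Select-Object UserPrincipalName, DisplayName, GivenName, Surname, Mail,
        JobTitle, Department, AccountEnabled, ObjectId,
        @{ n = 'ProxyAddresses'; e = { $_.ProxyAddresses -join ';' } }

$export | Export-Csv -Path .\cloud-users.csv -NoTypeInformation -Encoding UTF8

# On-prem side (domain-joined machine with RSAT). Assumed OU name.
Import-Module ActiveDirectory
$TargetOU = 'OU=Migrated,DC=contoso,DC=local'

function New-RandomPassword {
    param([int]$Length = 20)
    # Exactly 64 symbols, so byte % 64 is unbiased (256 is a multiple of 64).
    $chars = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!#$%&*?@'
    $bytes = New-Object byte[] $Length
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    -join ($bytes | ForEach-Object { $chars[$_ % $chars.Length] })
}

function ConvertTo-SamAccountName([string]$Upn) {
    # sAMAccountName is limited to 20 characters; derive it from the UPN prefix.
    $sam = $Upn.Split('@')[0] -replace '[^a-zA-Z0-9._-]', ''
    if ($sam.Length -gt 20) { $sam = $sam.Substring(0, 20) }
    $sam
}

$report = foreach ($u in Import-Csv .\cloud-users.csv) {
    # Idempotency check: do not clobber an account that already exists on-prem.
    if (Get-ADUser -Filter "userPrincipalName -eq '$($u.UserPrincipalName)'") {
        Write-Warning "Skipping $($u.UserPrincipalName): already exists on-prem"
        continue
    }

    $tempPassword = New-RandomPassword
    $params = @{
        Name                  = $u.DisplayName            # must be unique within the OU
        SamAccountName        = ConvertTo-SamAccountName $u.UserPrincipalName
        UserPrincipalName     = $u.UserPrincipalName      # must equal the cloud UPN (verified suffix)
        DisplayName           = $u.DisplayName
        Path                  = $TargetOU
        AccountPassword       = (ConvertTo-SecureString $tempPassword -AsPlainText -Force)
        Enabled               = ($u.AccountEnabled -eq 'True')
        ChangePasswordAtLogon = $true
    }
    # Optional attributes: only pass them when the export actually has a value.
    if ($u.GivenName)  { $params.GivenName    = $u.GivenName }
    if ($u.Surname)    { $params.Surname      = $u.Surname }
    if ($u.Mail)       { $params.EmailAddress = $u.Mail }   # 'mail' attribute, used by SMTP matching
    if ($u.JobTitle)   { $params.Title        = $u.JobTitle }
    if ($u.Department) { $params.Department   = $u.Department }

    # proxyAddresses ('SMTP:' primary plus 'smtp:' aliases) is what the SMTP soft-match keys on.
    $proxies = @($u.ProxyAddresses -split ';' | Where-Object { $_ })
    if ($proxies.Count -gt 0) { $params.OtherAttributes = @{ proxyAddresses = $proxies } }

    New-ADUser @params
    [pscustomobject]@{ UserPrincipalName = $u.UserPrincipalName; TempPassword = $tempPassword }
}

# Temporary passwords are returned to the operator only; hand them over through a secure
# channel rather than leaving them in a file on the server.
$report
```

Two things to check before the first Azure AD Connect sync: the UPN suffix and every SMTP address on the on-prem objects must match what the cloud objects already carry, otherwise the soft-match creates duplicates instead of joining the accounts; and if password hash synchronization is enabled, the on-prem (temporary) password will overwrite the users' existing cloud password at the first sync, so plan the credential hand-over for that moment.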

