In hybrid architecture is it possible to manage from azure?

Question

Hi,
I have an azure active directory where all my objects had been created, I want to deploy an on prem AD/DS and connect the two in a way that the sync will be from cloud to on prem so that all the management will happen in the cloud and not from on prem.

I managed to find azure ad connect and articles describing how to connect the two and make the on prem AD/DS the management unit and this is not what I want.

is there a way to accomplish my desires?

Thanks! :]

Answer 1

@N D

No, you cannot sync down objects from Azure AD to On-Prem AD using the AD Connect tool. This feature is not available yet.

As a workaround, we can use powershell to export Azure AD users' information to local file, then use that file to create users in on premise AD.

You can refer to the details mentioned here.

Hope this helps.

---------------------------------------------------------------------------------------------------------------------------------------

Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!

Answer 2

Yes it helps, thanks.
following on that maybe I can get another pointer. my situation and goal is:

• my users, objects, etc are in azure
• I want for these users and objects in azure to have permissions over resources in my on prem
• I do not want to maintain split identities with a different AD on prem
• I do not want to concolidate identities if the management unit AD is on prem

any best practices for this?

Answer 3

The only option you have for AAD being the source of truth, rather than AD, is to use Azure AD Domain Services, which provides domain controllers as a PaaS service. However, AAD DS has some fairly significant limitations, so may not work for you.

Other than that, AD will always be the source of truth.