What happened to Alias writeback from AzureAD to Onsite AD?

Sean Chestnut 1 Reputation point
2021-11-19T16:17:08.213+00:00

So, I've been working with ADSync for a while now and took a little bit of a hiatus from the field, but upon returning it seems there are some features missing from AD Connect that used to work without issue.

First and foremost, I'm very aware that User Writeback has been removed as a feature, but in the last year I've set up at least 3 different clients wherein User Writeback would have been incredibly handy. Why was this removed? It was originally stated that it was going to be a temporary removal; do we know when we are going to see User Writeback as a feature for AD Connect again?

Second, what happened to being able to create Aliases in O365 and write the proxyAddress back to Local AD? This was a feature that was available at one point in time. I believe I have a few clients left that still have that feature available to their systems, but it seems newer setups are missing this feature even if they have Exchange hybrid environments. Am I missing something key? Did I misconfigure a setting somewhere, or is this no longer available due to the disabled User Writeback feature?

My concern on these topics is that I have a couple environments where the clients would like to be able to manage most things through Azure AD but also wish to maintain an on-prem environment for device management and Group Policy.


2 answers

  1. Marilee Turscak-MSFT 33,801 Reputation points Microsoft Employee
    2021-11-19T18:56:32.403+00:00

    As you mentioned, the user writeback feature that was used in the previous builds was a preview feature and was removed in 2015 due to a variety of issues with it. (I'm not sure what all of those were, but I suspect it had to do with attribute mapping and keeping the source of truth for the user attributes in one place.)

    One workaround which you may have heard about is to create a PowerShell script that scans Azure AD regularly, finds the users in Azure, and then creates an on-premises user with the attributes in AAD. (There is an example of this here from Peter Stapf, if you haven't seen this yet.)

    I've pushed your request to the Azure AD Connect team to see if they have an update about whether this will be supported in the future. I haven't heard of any recent plans for this, though it has been requested frequently. I will let you know what they say.


  2. Marilee Turscak-MSFT 33,801 Reputation points Microsoft Employee
    2021-11-20T00:15:42.2+00:00

    Update from the product group: we are currently working to enable user writeback. There isn't an official ETA, but it's being actively worked on and should come in the near future.

    Hope this helps!