0 Votes
cosimomercuro-9702 asked cosimomercuro-9702 answered

Synchronize Azure AD account with local on-premises AD DC

Hi.
Our organization has about 500 Microsoft user accounts defined on Office 365 and Azure AD.
At the same time, we'd like to deploy a local (on-premises) domain controller that allows all Office 365 users to log in to the organization's internal machines, all joined to the local AD domain.
I know that if I create an account on the on-premises DC, I can synchronize it with Azure AD via AD Connect, but is the opposite possible, that is, to "import" and synchronize all Office 365 Azure AD accounts with the local AD?
I hope I have been clear.
Any idea?
Thanks in advance

azure-ad-connect azure-ad-user-provisioning

1 Vote
michev answered

No, sync is one-way only, from on-premises to Azure AD. You can use PowerShell or the Graph API to export a list of users/objects and import them into your newly created AD, though. There are plenty of threads here and on other communities that go over the process - look them up.
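
The export and import described in this answer, as an added PowerShell example (not code from the thread or from michev). The CSV path, the target OU and the rule for deriving sAMAccountName are assumptions, and `-WhatIf` is left on so nothing is created until the output has been reviewed.

```powershell
# Added example: file name, OU and naming rule are assumptions, not from the thread.
# Needs the Microsoft.Graph.Users and ActiveDirectory (RSAT) modules.
$CsvPath  = '.\aad-users.csv'                  # hypothetical export file
$TargetOU = 'OU=Imported,DC=corp,DC=example'   # hypothetical OU in the new domain

# 1. Export member accounts from Azure AD using a read-only Graph scope.
Connect-MgGraph -Scopes 'User.Read.All'
Get-MgUser -All -Property UserPrincipalName,DisplayName,GivenName,Surname,Mail,UserType |
    Where-Object { $_.UserType -eq 'Member' } |
    Select-Object UserPrincipalName,DisplayName,GivenName,Surname,Mail |
    Export-Csv -Path $CsvPath -NoTypeInformation -Encoding UTF8

# Passwords cannot be exported from Azure AD, so each new account gets a random one.
function New-RandomPassword {
    $bytes = New-Object byte[] 24
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($bytes); $rng.Dispose()
    # The fixed suffix only guarantees all default complexity classes are present.
    ConvertTo-SecureString ([Convert]::ToBase64String($bytes) + 'aA1!') -AsPlainText -Force
}

# 2. Create one disabled on-premises account per exported row.
foreach ($u in Import-Csv -Path $CsvPath) {
    # sAMAccountName: UPN prefix, unsupported characters dropped, at most 20 characters.
    $sam = ($u.UserPrincipalName -split '@')[0] -replace '[^A-Za-z0-9._-]', ''
    if ($sam.Length -gt 20) { $sam = $sam.Substring(0, 20) }
    $sam = $sam.TrimEnd('.')               # a trailing period is not allowed
    if (-not $sam) { Write-Warning "No usable name for $($u.UserPrincipalName)"; continue }
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Warning "Skipping $($u.UserPrincipalName): '$sam' already exists"
        continue
    }
    $params = @{
        Name                  = $sam
        SamAccountName        = $sam
        UserPrincipalName     = $u.UserPrincipalName   # same sign-in name as in the cloud
        Path                  = $TargetOU
        AccountPassword       = New-RandomPassword
        Enabled               = $false   # enable once the password has been reset for the user
        ChangePasswordAtLogon = $true
    }
    # Optional attributes are set only when the export has a value for them.
    if ($u.DisplayName) { $params.DisplayName  = $u.DisplayName }
    if ($u.GivenName)   { $params.GivenName    = $u.GivenName }
    if ($u.Surname)     { $params.Surname      = $u.Surname }
    if ($u.Mail)        { $params.EmailAddress = $u.Mail }
    New-ADUser @params -WhatIf   # dry run; remove -WhatIf after reviewing the output
}
```

The accounts are created disabled with throwaway passwords because the cloud passwords are not part of the export.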


0 Votes
cosimomercuro-9702 answered michev commented

Hi michev, thanks for your reply.
I've just downloaded all Azure AD (Office 365) users.
The question is:
If I change the account's password on-premises from a PC in the local (on-premises) domain, this password will be changed in the Office 365 cloud as well, but if I change the account's password directly from the Office 365 cloud, will this change be reflected in the on-premises local domain?
In other words, when I log in on a domain client on the on-premises local network, will I be able to use the new password changed directly in the cloud?
Any idea?
Thanks in advance


Passwords are kept separate, unless you configure features such as Password Hash Sync or change the authentication method altogether. All detailed in the documentation, which you should thoroughly review before jumping into this. Here's a good starting point: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-hybrid-identity

0 Votes