1
votes

My small company (about 100 users) is currently using Office 365. There has previously not been any domain controller. I am building an on-premises domain controller and want to sync it with Azure Active Directory (Office 365). I used the sync service with a small subset of users, to no avail.

My main question: Can you sync FROM an Azure Active Directory to a new on-premises Active Directory? My understanding is that it's the opposite: the on-premises Active Directory is the "master", if you will. Is there a way to set it up the opposite way? As in, Office 365 being the "master" or "seed" for an on-premises directory?


2 Answers

0
votes

At present, Azure AD Connect supports password writeback, group writeback and device writeback.

You can refer to the optional features of Azure AD Connect here.

0
votes

At this point in time, synchronizing users FROM Azure AD to on-premises AD is NOT possible.

As Fei Xue pointed out, there are certain things (such as user passwords, groups and devices) that can be synchronized back to on-prem AD, but not users.

Depending on what you are trying to achieve, Azure Active Directory DS might be worth exploring, as it allows you to create a VNet in Azure which has AD-like support (LDAP, Active Directory domain join, NTLM, and Kerberos authentication).

More info on Azure AD DS: https://azure.microsoft.com/en-us/services/active-directory-ds/
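Both answers above say the same thing from the sync side: Azure AD Connect only writes a few attribute classes (passwords, groups, devices) back to on-premises AD, never whole user objects. A practitioner who inherits a Connect server usually wants to confirm which of those writeback features are actually switched on, both to understand what the server will change in the on-prem domain and because each enabled writeback widens what a compromised cloud tenant can reach on-prem. The following PowerShell is an added example, not code from either answer or from Microsoft. It assumes it is run on the Azure AD Connect server where the ADSync module is installed, and it relies only on the documented `Get-ADSyncAADCompanyFeature` cmdlet; it selects feature properties by the substring "Writeback" in their names rather than hard-coding property names, so it does not depend on the exact set a given Connect build exposes.

```powershell
# Report which writeback features are enabled on this Azure AD Connect server.
# Added example (not from the answers above). Assumes the ADSync module is present,
# i.e. this runs on the Azure AD Connect server itself.

function Get-WritebackStatus {
    [CmdletBinding()]
    param()

    Import-Module ADSync -ErrorAction Stop

    # Documented cmdlet: returns one object whose properties are the tenant-level
    # feature flags negotiated between Connect and Azure AD.
    $features = Get-ADSyncAADCompanyFeature

    # Pick every property whose name mentions writeback. Property names vary a little
    # between Connect versions, so match on the substring instead of a fixed list.
    $writeback = $features.PSObject.Properties |
        Where-Object { $_.Name -like '*Writeback*' } |
        ForEach-Object {
            [pscustomobject]@{
                Feature = $_.Name
                Enabled = [bool]$_.Value
            }
        }

    return $writeback
}

function Test-UserWritebackEnabled {
    # Returns $true only if a writeback flag whose name starts with "User" is on.
    # Expected to be $false on a supported build: user objects flow on-prem -> cloud only.
    [CmdletBinding()]
    param()

    $status = Get-WritebackStatus
    $userFlags = $status | Where-Object { $_.Feature -like 'User*' -and $_.Enabled }
    return [bool]$userFlags
}

# Usage: print the table, then a one-line summary of the cloud -> on-prem exposure.
$status = Get-WritebackStatus
$status | Format-Table -AutoSize

$enabled = ($status | Where-Object Enabled).Feature -join ', '
if ($enabled) {
    Write-Output "Writeback enabled for: $enabled (these attribute classes can be changed on-prem from the cloud)."
} else {
    Write-Output 'No writeback features enabled: this server only pushes from on-prem AD to Azure AD.'
}

if (Test-UserWritebackEnabled) {
    Write-Warning 'A user-writeback flag is enabled; review this, as user objects are expected to originate on-prem only.'
}
```

The output is the same list the Azure AD Connect wizard shows under optional features, but read from the server rather than clicked through, which makes it easy to capture into change records or a periodic configuration audit. Because the script only reads feature flags and never calls a `Set-` cmdlet, it is safe to run against production.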