2
votes

The documentation for Azure Active Directory B2C states ADConnect can’t be used to migrate users. I believe this is referring to the native store.

“No, Azure AD Connect is not designed to work with Azure AD B2C.” https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-faqs

But can I use ADConnect if I configure Azure Active Directory as an Identity Provider?

https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-oidc-azure-active-directory

1
Obviously, you shouldn't use AAD Connect in a B2C tenant. If you just want to migrate your users to AAD, creating a new AAD tenant is a good way. See the difference between B2C and Normal AAD here: stackoverflow.com/questions/51628730/… – Wayne Yang

1 Answer

2
votes

If you set up sync to an Azure AD from on-prem AD with AAD Connect, and then connect that AAD as an identity provider to B2C, it will work.

Note you should use another Azure AD tenant for this, not the one underneath the B2C tenant.

It also works quite nicely, at least based on my short testing, that if you have a single IdP in the sign-in policy, the B2C pages don't even show up. Of course, the first time, users will have to "sign up" to the B2C tenant with their AAD account.

Technically the sentence is correct that you can't migrate users to B2C with AAD Connect, but there is this roundabout way of doing it. Technically the users are not migrated to B2C, but we migrate them to a place where they can be utilized by B2C.