Hybrid Azure Active Directory

Beau Krebs - Netregie 20 Reputation points
2023-01-20T07:35:18.3733333+00:00

Hello, I have a question about a hybrid solution for Azure Active Directory. Is it possible to use Azure AD as the master in the hybrid solution? So that Azure AD is the primary, main AD and not the normal AD?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. Thameur-BOURBITA 36,261 Reputation points Moderator
    2023-01-20T07:52:59.7366667+00:00

    Hi,

    In a hybrid solution, you have two options to create and manage user identities in Azure:

    • Create a cloud-only user account. The user will be able to access cloud services without needing an account in Active Directory. This user account can be managed from the Azure portal.
    • Install an AD Connect server, then create the user account in on-premises AD. After AD Connect synchronization, the user account in Azure will be created automatically for this user based on his account in on-premises AD. In this case, if you want to modify a synchronized user account in Azure AD, you can't use the Azure portal; you can do it only from on-premises AD.

    Please don't forget to mark the helpful answer as accepted.

    1 person found this answer helpful.
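
The two account types described in the accepted answer can be told apart in an existing tenant by the `onPremisesSyncEnabled` property on each user object. The following is an added example, not part of either answer; it assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in account can be granted the `User.Read.All` scope.

```powershell
# Added example: list each user in the tenant with its source of authority,
# i.e. whether it is cloud-only or synchronized from on-premises AD.
# Assumption: the Microsoft Graph PowerShell SDK (Microsoft.Graph.Users) is installed.

Connect-MgGraph -Scopes 'User.Read.All'

# Graph only returns these properties when they are requested explicitly.
$props = 'displayName', 'userPrincipalName',
         'onPremisesSyncEnabled', 'onPremisesLastSyncDateTime'

$report = Get-MgUser -All -Property $props | ForEach-Object {
    # onPremisesSyncEnabled is $true for synchronized accounts and
    # empty ($null) for accounts that were created directly in the cloud.
    $synced = $_.OnPremisesSyncEnabled -eq $true

    [pscustomobject]@{
        UserPrincipalName = $_.UserPrincipalName
        DisplayName       = $_.DisplayName
        Source            = if ($synced) { 'Synced from on-premises AD' } else { 'Cloud-only' }
        # Where changes to the account have to be made, per the answer above.
        ManageFrom        = if ($synced) { 'On-premises AD' } else { 'Azure portal' }
        LastSync          = $_.OnPremisesLastSyncDateTime
    }
}

# Summary: how many accounts each directory is authoritative for.
$report | Group-Object Source | Select-Object Name, Count

# Full listing, grouped by source.
$report | Sort-Object Source, UserPrincipalName | Format-Table -AutoSize
```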

1 additional answer

  1. Santhi Swaroop Naik Bukke 595 Reputation points
    2023-01-20T18:18:27.5966667+00:00

    Yes, it is possible to use Azure Active Directory (Azure AD) as the master in a hybrid solution. This is known as an Azure AD Domain Services (AADDS) master, where Azure AD is the authoritative source for user and group identities, and it is used to authenticate on-premises resources.

    When you configure AADDS, it creates a managed domain in Azure AD, and it provides a set of Group Policy objects that you can use to manage the on-premises computers. The user and group identities in Azure AD are used to authenticate and authorize access to the on-premises resources.

    To use Azure AD as the master in a hybrid solution, you would need to:

    • Create an Azure AD tenant
    • Enable Azure AD Domain Services
    • Configure your on-premises domain controllers to trust the managed domain created by Azure AD Domain Services
    • Create user and group identities in Azure AD, and
    • Use Azure AD to authenticate and authorize access to the on-premises resources

    It is important to note that this solution requires a hybrid setup and an on-premises infrastructure to be in place and that it's recommended to have a good understanding of the solution and its requirements before implementing it.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
