Azure AD Connect

Handian Sudianto 4,511 Reputation points
2023-02-01T06:55:16.6533333+00:00

Hello,

Can i know if AD Connect is to sync from on-prem to AAD, from AAD to on-prem or can be both?


2 answers

  1. Sandeep G-MSFT 16,696 Reputation points Microsoft Employee
    2023-02-01T08:08:52.2833333+00:00

    @Handian Sudianto

    Yes, AD Connect is always a one-way sync for objects (users, groups, contacts and devices).

    AD Connect syncs objects from on-prem to Azure AD.

    AD Connect writes back only a few user attributes from Azure AD to on-prem when Exchange hybrid is enabled.

    Also, using AD Connect you can write back a few object types, like groups and devices.

    You will have to configure AD Connect to enable writeback of users, groups and devices.

    You can go through the articles below to enable the same:

    Device writeback: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-device-writeback

    Plan your group writeback: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-group-writeback-v2

    Enabling group writeback: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-group-writeback-enable

    Note: Group writeback option is available only if you have Exchange in your on-premises instance of Active Directory.

    To get more information on how AD Connect works, you can refer to the articles below:

    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-whatis

    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/concept-azure-ad-connect-sync-architecture

    Do let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


  2. Thameur-BOURBITA 32,641 Reputation points
    2023-02-01T08:47:10.35+00:00

    Hi @Handian Sudianto

    The default configuration of Azure AD Connect is to sync on-premises AD objects to Azure AD.

    On the other hand, in order to add some additional features you can enable device, user and group writeback on Azure AD Connect to allow synchronization from AAD to on-premises AD.
    To check the writeback status, run the following command:

    Screenshot of Get-ADSyncAADCompanyFeature cmdlet.

    For more details you can read the following links:

    Azure AD Connect: Enabling device writeback

    Plan for Azure AD Connect group writeback

    Tutorial: Enable Azure Active Directory self-service password reset writeback to an on-premises environment

    Please don't forget to mark the helpful answer as accepted.
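The check that the screenshot in the second answer shows, written out as an added example (not code from the thread or from Microsoft). It assumes it is run on the Azure AD Connect server, where the ADSync module ships with the product, and it reports which writeback (AAD to on-prem) features are on, plus the enabled "Out to AD" sync rules, so an administrator can see exactly which attribute flows go against the default on-prem-to-cloud direction.

```powershell
# Added example: audit which writeback features Azure AD Connect has enabled.
# Assumes the ADSync module available on the Azure AD Connect server itself.
Import-Module ADSync -ErrorAction Stop

function Get-WritebackStatus {
    # Get-ADSyncAADCompanyFeature exposes the tenant-level feature flags.
    # Instead of hardcoding property names, report every flag whose name
    # mentions "Writeback", so new writeback features are picked up as well.
    $features = Get-ADSyncAADCompanyFeature
    $features.PSObject.Properties |
        Where-Object { $_.Name -match 'Writeback' } |
        ForEach-Object {
            [pscustomobject]@{
                Feature = $_.Name
                Enabled = [bool]$_.Value
            }
        }
}

function Get-OutboundAdRules {
    # Sync rules named "Out to AD - ..." are the ones that flow attributes
    # from the metaverse into on-prem AD. Disabled rules never flow anything,
    # so only enabled ones are listed.
    Get-ADSyncRule |
        Where-Object {
            $_.Direction -eq 'Outbound' -and
            $_.Name -like 'Out to AD*' -and
            -not $_.Disabled
        } |
        Select-Object Name, Precedence, Direction
}

$writeback = Get-WritebackStatus
$writeback | Format-Table -AutoSize

$enabled = $writeback | Where-Object Enabled
if ($enabled) {
    Write-Host "Writeback enabled for: $($enabled.Feature -join ', ')"
    Write-Host 'Enabled sync rules that write to on-prem AD:'
    Get-OutboundAdRules | Format-Table -AutoSize
} else {
    Write-Host 'No writeback features enabled; sync is one-way (on-prem -> Azure AD).'
}
```

Every writeback feature that reports Enabled = True is a path by which a change made in the cloud lands in on-prem AD, so the list is worth reviewing whenever the hybrid configuration changes.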