Print Server for Azure AD users

Question

Print Server for Azure AD users

Mohamed jihad bayali 1,136

Helo Team,

I hope you're doing fine,

I have a use case and i want to share it with you, to have your ideas

Let's assume i have an on premise active directory domain, in that domain i have printers and print server.

In the other hand i have a tenant in Azure, which contains azure AD users.

Note that there is no sync/Trust relationship between the on-prem domain and the Azure tenant.

My need is that i want my Azure ad users to use the print server, and the printers on my on-prem domain.

For this, i was thinking to sync both directories with both direction (From azure AD to on prem, and from on prem to azure ad), so that the AD users will be acknowldged by the on prem domain, and then can use the ressource of that domain, what do you think ? is the synchronization from the azure to the on prem possible? this sync won't overwrite the existing users on the on prem?

Accepted answer

0 additional answers

Your answer

Answer 1

Michael Durkan 12,236 MVP

Hi

Sync is only possible from On-Premises to Azure AD, it can't happen the other way. If you need to create on-premises identities for Cloud users, run an export using PowerShell or GraphAPI and use the attributes to create the users on-premises. Once you set our Sync up, you can use "soft-matching" to match the identities and passwords:

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-existing-tenant

Question on this - you say there is no sync in place at present, do some users have accounts both on-premise and cloud? If so, you can just soft-match these once sync is set up.

Hope this helps,

Thanks

Michael Durkan

If the reply was helpful please upvote and/or accept as answer as this helps others in the community with similar questions. Thanks!

Mohamed jihad bayali 1,136 Reputation points

2023-02-23T19:43:53.68+00:00

Hello Michael,

thank you for the details and for your comment, it’s really helpful

so if i understand well, we can’t synchronize objects from azure ad to ad onprem, but what we can do, is to export the azure ad users, then create them on the onprem domain, and then work with soft matching to link these users with the ones in azure Ad

let’s assume i do this, the workstations that these users are using are joined to azure ad not to the on prem domain, and they can’t be synchonized , as the synchro from azure ad to on prem isn’t possible, so in this case i belive that the users can still use the printers on the ad on prem as they are on the same network and the printers are shared, and they can authenticate with their azure ad accounts (Which are synchronized with the on prem) correct ?

to answer your question, yes some of the users have theor accounts both on azure and on prem domain but not all of them

Share via

Print Server for Azure AD users

0 additional answers

Your answer