Provision user accounts from Azure Active Directory to local Active Directory

Tor André Solbakken 0 Reputation points
2023-03-09T13:08:46.76+00:00

Hi All,

I have been banging my head for many days now and can't find a solution.

What we want to achieve is the possibility to provision users from Azure AD to local Active Directory.

We need a tool/service/app or whatever that can take all the user accounts that exist in our tenant and provision those users to the local Active Directory; new users will never be created locally (but we will soft match those that already exist).

Azure AD Connect and Azure AD Cloud Sync will not work for the provisioning part; maybe we will use those later to delete the cloud user, but if Azure AD can be the big boss, that is the preferred approach.

The reason why we need local AD is that we already have a lot of apps/files etc. that are not in scope for the project; maybe they can be in another project later.

I had a look at https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/sync-scim ; maybe this can work, but I am not sure, and it is time-consuming to read a lot only to find out that this is the wrong approach.

What about MIM 2016 (extended support to 2029)? Can that software achieve this?

See my beautiful image below.

[Image: Whiteboard]

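One way to make the "soft match those that already exist" step concrete, as an added example that is not part of the original post and not code from any Microsoft tool: a dry-run reconciliation in Python that takes cloud user records (in practice pulled from Microsoft Graph) and on-premises records (in practice pulled from LDAP) and reports which cloud users map to an existing local account, by which key, which have no local account (and so, per the requirement above, would not be created), and which keys are ambiguous. The matching order follows Azure AD Connect soft match (primary SMTP address from proxyAddresses first, then userPrincipalName); the sample users, the domain corp.example, and the rule that a key claimed by more than one local account is reported as a conflict rather than matched are assumptions made for this example.

```python
"""Dry-run soft-match reconciliation of cloud (Azure AD) users against local AD users.

Added example; the records below are constructed inline so it runs offline.
Matching order mirrors Azure AD Connect soft match: primary SMTP address
(the proxyAddresses entry with upper-case 'SMTP:' prefix), then userPrincipalName.
Nothing is written anywhere; the output is a report for an administrator to review.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    upn: str
    proxy_addresses: tuple = ()  # e.g. ("SMTP:alice@corp.example", "smtp:al@corp.example")


def primary_smtp(user: User):
    """Return the lower-cased primary SMTP address, or None if the user has none."""
    for addr in user.proxy_addresses:
        if addr.startswith("SMTP:"):
            return addr[len("SMTP:"):].lower()
    return None


def index_local(local_users):
    """Build lookup tables keyed by primary SMTP and by UPN (both case-insensitive).

    A key claimed by more than one local account is removed from the table and
    reported as a conflict (assumption for this example: ambiguous keys never match).
    """
    by_smtp, by_upn, seen_twice = {}, {}, []
    for u in local_users:
        for kind, key, table in (("smtp", primary_smtp(u), by_smtp),
                                 ("upn", u.upn.lower(), by_upn)):
            if key is None:
                continue
            if key in table:
                seen_twice.append((kind, key))
            else:
                table[key] = u
    for kind, key in seen_twice:
        (by_smtp if kind == "smtp" else by_upn).pop(key, None)
    return by_smtp, by_upn, sorted(set(seen_twice))


def reconcile(cloud_users, local_users):
    """Return (matches, unmatched, conflicts).

    matches:   {cloud UPN: (local UPN, "smtp" | "upn")}
    unmatched: cloud UPNs with no local account (would NOT be created locally)
    conflicts: (kind, key) pairs owned by more than one local account
    """
    by_smtp, by_upn, conflicts = index_local(local_users)
    matches, unmatched = {}, []
    for c in cloud_users:
        key = primary_smtp(c)
        local, how = (by_smtp.get(key) if key else None), "smtp"
        if local is None:  # fall back to UPN, as soft match does
            local, how = by_upn.get(c.upn.lower()), "upn"
        if local is None:
            unmatched.append(c.upn)
        else:
            matches[c.upn] = (local.upn, how)
    return matches, unmatched, conflicts


# Constructed sample data (hypothetical domain corp.example).
CLOUD_USERS = (
    User("alice@corp.example", ("SMTP:alice@corp.example",)),
    User("Bob@corp.example", ("SMTP:Bob.Smith@corp.example",)),   # UPN differs locally
    User("carol@corp.example"),                                   # no proxyAddresses
    User("dave@corp.example", ("SMTP:dave@corp.example",)),       # cloud-only user
    User("erin@corp.example", ("SMTP:shared@corp.example",)),     # ambiguous SMTP key
)
LOCAL_USERS = (
    User("alice@corp.example", ("SMTP:alice@corp.example", "smtp:al@corp.example")),
    User("bsmith@corp.example", ("SMTP:bob.smith@corp.example",)),
    User("carol@corp.example"),
    User("erin1@corp.example", ("SMTP:shared@corp.example",)),
    User("erin2@corp.example", ("SMTP:shared@corp.example",)),
)


def run_sample():
    return reconcile(CLOUD_USERS, LOCAL_USERS)


if __name__ == "__main__":
    matches, unmatched, conflicts = run_sample()
    for cloud_upn, (local_upn, how) in matches.items():
        print(f"MATCH     {cloud_upn} -> {local_upn} (via {how})")
    for upn in unmatched:
        print(f"UNMATCHED {upn} (no local account; not created)")
    for kind, key in conflicts:
        print(f"CONFLICT  {kind} key {key} owned by several local accounts; review manually")
```

Run the report before any cutover and treat every CONFLICT line as a data-quality problem to fix in the directory, not something to resolve by picking one account; ambiguous matches are how accounts end up silently joined to the wrong identity.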

1 answer

  1. Akshay-MSFT 3,876 Reputation points Microsoft Employee
    2023-03-13T11:24:21.7266667+00:00

    Hello Tor André Solbakken

    Thank you for posting your query on Microsoft Q&A. As per the current design, we don't have a way to do user writeback from Azure AD to on-prem AD.

    However, our product group is aware of the request but has no timeline for when this feature would be available or would be on the roadmap.

    You could upvote and share your comments with your business requirement here, as our team has visibility into the feedback, or post a new idea.

    But we do have a group writeback option for cloud groups. Group writeback allows you to write cloud groups back to your on-premises Active Directory instance by using Azure Active Directory (Azure AD) Connect sync. You can use this feature to manage groups in the cloud while controlling access to on-premises applications and resources.

    As this is in preview, kindly validate the limitations.

    Please do let me know if you have any further queries on the same.

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes/No), and share your feedback if the suggestion answers your query. This will help us and others in the community as well.