![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 47%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETA%3C/text%3E%3C/svg%3E)
7,023 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 82%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENS%3C/text%3E%3C/svg%3E)
There isn't a Microsoft-provided solution to this at this time. It is recommended to create accounts in on-premises AD first and have them sync to Azure AD. For the current set of users you have, I'd recommend using PowerShell or some other scripting language to pull the list of them and then use that data as a seed to create any accounts missing in on-prem AD.
Standing up MIM to do this sort of backsync from AAD -> AD also is not recommended.
Another alternative, depending on the exact footprint of your tech that is reliant on on-prem AD, would be to use Azure AD Domain Services, which is a managed ADDS instance where user objects are synced from AAD -> AADDS. AADDS can be joined by servers requiring legacy/on-prem auth protocols like LDAP, NTLM and Kerberos, and potentially to file servers as well. I'm not as familiar with the file server scenario with AADDS, so I'd recommend looking into documentation on that one.