Sync on-prem AD with existing Azure AD

Alex Tsang 21 Reputation points

Hi all

I have an Azure AD tenant without AADC now, so all users (around 400) in the Azure AD are currently cloud-managed. Now we would like to sync on-prem AD with the Azure AD so users will SSO with their on-prem AD password (through password hash sync or the pass-through agent). I understand that we can use UPN to do a soft match to link objects in Azure AD with the on-prem ones, but may I know whether I can do this matching in multiple batches? Say we do it per OU (configure the OU filter in AADC) instead of a big-bang migration? The reason is that we can then do user communication about the password change, and provide support, for a small group of users in a phase-by-phase migration.

Best regards

Microsoft Entra ID

Accepted answer
  Konstantinos Passadis 17,456 Reputation points MVP

    Hello @Alex Tsang !

    Yes, you can definitely configure AADC to synchronize users in multiple batches by filtering on the OU level. This is actually a common practice when migrating users from on-premises AD to Azure AD.

    To achieve this, you can configure OU-based filtering in the Azure AD Connect tool. During the initial configuration, you can specify the "Organizational Unit" option to select the specific OU(s) from which you want to synchronize users to Azure AD.

    Once the initial synchronization is complete, you can change the OU filter in the Azure AD Connect tool to include additional OU(s) and run another synchronization cycle to synchronize the newly added users to Azure AD.

    This way, you can migrate users in phases or batches, and communicate the password change and other migration details to a smaller group of users at a time.

    Kindly mark the answer as Accepted and Upvote in case it helped or post your feedback to help !
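The phased, per-OU approach described in the answer can be made safer with a pre-flight check before each batch: soft match links an on-prem user to a cloud user by UPN or by a matching SMTP proxyAddress, so any on-prem user in the next OU that has no cloud counterpart will be provisioned as a new object rather than linked. The script below is an added example, not code from the question or the answer. It assumes it runs on the Azure AD Connect server (ADSync module present) with the RSAT ActiveDirectory module and Microsoft.Graph.Users installed, that the OU filter itself has already been widened in the Azure AD Connect wizard (Customize synchronization options > Domain and OU filtering), and that `$BatchOu` is the distinguished name of the OU being added in this batch; the parameter names and the report layout are this example's own choices.

```powershell
# Added example (not from the original thread). Pre-flight soft-match check for one batch OU,
# then optionally kicks off the full sync cycle that picks up the newly included OU.
param(
    [Parameter(Mandatory)] [string] $BatchOu,   # e.g. "OU=Batch1,OU=Users,DC=corp,DC=example" (assumed)
    [switch] $RunSync                           # start a full (Initial) sync cycle if the check passes
)

Import-Module ActiveDirectory
Import-Module ADSync
Import-Module Microsoft.Graph.Users

Connect-MgGraph -Scopes "User.Read.All" -NoWelcome

# 1. On-prem users in this batch, with the attributes soft match uses (UPN and SMTP proxyAddresses).
$onPrem = Get-ADUser -SearchBase $BatchOu -Filter 'Enabled -eq $true' `
            -Properties userPrincipalName, proxyAddresses, objectGUID

# 2. Cloud-only users in the tenant, indexed by UPN and by SMTP address.
$cloud = Get-MgUser -All -Property Id,UserPrincipalName,OnPremisesSyncEnabled,ProxyAddresses |
         Where-Object { -not $_.OnPremisesSyncEnabled }
$byUpn  = @{}
$bySmtp = @{}
foreach ($u in $cloud) {
    $byUpn[$u.UserPrincipalName.ToLower()] = $u
    foreach ($p in $u.ProxyAddresses) {
        if ($p -like 'smtp:*') { $bySmtp[$p.Substring(5).ToLower()] = $u }
    }
}

# 3. Classify each on-prem user: soft match on UPN, soft match on SMTP, or no cloud counterpart.
$report = foreach ($a in $onPrem) {
    $upn  = if ($a.UserPrincipalName) { $a.UserPrincipalName.ToLower() } else { '' }
    $smtp = @($a.proxyAddresses | Where-Object { $_ -like 'smtp:*' } |
              ForEach-Object { $_.Substring(5).ToLower() })
    $match = $byUpn[$upn]
    if (-not $match) { $match = $smtp | ForEach-Object { $bySmtp[$_] } | Select-Object -First 1 }
    [pscustomobject]@{
        SamAccountName = $a.SamAccountName
        OnPremUpn      = $a.UserPrincipalName
        CloudUpn       = $match.UserPrincipalName
        Result         = if (-not $match) { 'NO MATCH - would create a new cloud user' }
                         elseif ($match.UserPrincipalName -ieq $a.UserPrincipalName) { 'soft match on UPN' }
                         else { 'soft match on SMTP address (UPNs differ)' }
    }
}
$report | Format-Table -AutoSize

# 4. Only sync when every user in the batch has a cloud object to link to.
$unmatched = @($report | Where-Object { $_.Result -like 'NO MATCH*' })
if ($unmatched.Count -gt 0) {
    Write-Warning "$($unmatched.Count) user(s) in $BatchOu have no cloud counterpart; fix their UPN or proxyAddresses before syncing this OU."
}
elseif ($RunSync) {
    # A change to OU filtering is picked up by a full import/sync, i.e. an Initial policy cycle.
    if ((Get-ADSyncScheduler).SyncCycleInProgress) { throw "A sync cycle is already running; retry later." }
    Start-ADSyncSyncCycle -PolicyType Initial
}
```

Run it once per batch (`.\Check-Batch.ps1 -BatchOu "OU=Batch1,OU=Users,DC=corp,DC=example"`) before telling that group of users to expect the password change; rerun with `-RunSync` once the report shows every account matching. Users flagged as "UPNs differ" will still link via the SMTP address, but their sign-in name will change to the on-prem UPN after the sync, which is worth calling out in the communication for that batch.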


0 additional answers