Migrated to Cloud Sync, Need Hybrid AD Join but AAD Connect is in Staging Mode - dont want to double sync

Question

Migrated to Cloud Sync, Need Hybrid AD Join but AAD Connect is in Staging Mode - dont want to double sync

jacol 20

Hello,

We migrated to CloudSync by putting AAD Connect into Staging mode and deployed Cloudsync without issues.

After that, we learned that we have a requirement to enable Hybrid AD join. I understand that CloudSync doesnt support this and to get this done, we need to enable it in AAD Connect. Can I enable Hybrid Azure AD join in AAD Connect, select only the device OUs to sync, and then disable Staging mode to achieve what we want without causing impact? Or will this cause unintended issues?

If it will cause issues, do we need to go back to Azure AD Connect completely? How else can this be done?

Thank you for your time answering this!

Accepted answer

0 additional answers

Your answer

Answer 1

Akhilesh Vallamkonda 15,320 Microsoft External Staff Moderator

Hi @jacol

Thank you for reaching us!

From Your query, I understand that you're ask, about enabling Hybrid Azure AD join in Microsoft Entra Connect after migrating to Cloud Sync and whether enabling Hybrid Azure AD join in Microsoft Entra Connect, selecting only specific device OUs for synchronization, and then disable Staging mode will result in any unintended issues.

To answer your question yes, you can achieve your desired outcome without causing any impact by enabling Hybrid Azure AD join in Microsoft Entra Connect by selecting only the device OUs to sync, and then disabling Staging mode.
When you disable Staging mode, Microsoft Entra Connect will synchronize all of the objects in your Active Directory environment to Microsoft Entra ID. This may take some time, depending on the size of your environment.

You can run cloud sync and Microsoft Entra Connect in the same forest. You can use cloud sync to manage your users and groups and use Microsoft Entra Connect for devices, for example. You may decide to do allow cloud sync to handle 80% and use Microsoft Entra Connect for some of your more obscure, 20% scenarios.

You do not need to completely switch back to Microsoft Entra Connect. Cloud Sync can take care of synchronization of users and groups while AAD Connect can handle device synchronization.

Note: Ensure that not to sync the same objects by both tools at the same time as this can lead to conflicts and error.
Kindly test this migration in a test environment before applying it to your production environment.

Reference: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/whatis-azure-ad-connect

             [https://learn.microsoft.com/en-us/azure/active-directory/hybrid/common-scenarios#cloud-sync-and-connect-sync-in-parallel](https://learn.microsoft.com/en-us/azure/active-directory/hybrid/common-scenarios#cloud-sync-and-connect-sync-in-parallel)

Thanks,

Akhilesh.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator

2023-10-23T11:06:28.6466667+00:00

Hi @jacol

Following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
jacol 20 Reputation points

2023-10-24T14:15:59.64+00:00

Thank you very much for your response. It seems I am on the right track then. The only question that remains is, if Cloudsync is syncing devices now, and then I filter the devices from being synced in cloud sync. Then filter Entra Connect to only sync the devices, do I run any risk of duplicate objects or having any other issues? I currently don't have a lab environment, but its probably best to build one out. Please let me know your thoughts to confirm I wont have duplicate objects if I do this. Thanks again!
jacol 20 Reputation points

2023-10-24T14:27:20.38+00:00

Actually, I see that the Cloud Sync scoping filter is set to All Users. So, to do what i need, I only need to create a device filter in Entra ID Connect, is this correct?
Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator

2023-10-25T11:41:12.9366667+00:00

Hi @jacol

For synchronization timing It's important to coordinate the timing of changes. To prevent conflicts and duplicate data, make sure you stop syncing with Cloud Sync before you start syncing with Entra Connect.

You have the option to use device filters in Microsoft Entra Connect to which devices are synchronized to Microsoft Entra ID. It's also important to know some points which is mentioned in the here.
jacol 20 Reputation points

2023-10-25T14:50:00.9166667+00:00

Thank you very much. This helps me a lot.

Share via

Migrated to Cloud Sync, Need Hybrid AD Join but AAD Connect is in Staging Mode - dont want to double sync

0 additional answers

Your answer