Azure AD Connect - sync issue

tff 20 Reputation points
2024-03-21T07:46:59.78+00:00

Hello all,

I recently configured a management server for the first time and configured Azure AD Connect v2. The sync from the local AD to Azure looks good; for example, if I create a user or group in the local AD, the sync to Azure is fine. My issue is, when I do this in Azure the sync doesn't work in this direction and I don't see any user/group recently created in the local AD. I found a Synchronization Rules Editor app there, but I am not 100% sure what rule I need to add or change and I don't want to delete some data.

Thanks in advance T.F.


Accepted answer
  1. Givary-MSFT 32,591 Reputation points Microsoft Employee
    2024-03-21T09:34:02.27+00:00

    @tff Thank you for reaching out to us. As I understand, you would like to know whether sync flow from Entra ID to on-premises is possible or not.

    It's not possible to have sync from Entra ID to on-premises; sync is possible only from on-premises AD to Azure AD for now.

    Microsoft Entra Connect Sync server - An on-premises computer that runs the Microsoft Entra Connect sync service. This service synchronizes information held in the on-premises Active Directory to Microsoft Entra ID. For example, if you provision or deprovision groups and users on-premises, these changes propagate to Microsoft Entra ID. - https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/identity/azure-ad#:~:text=on%2Dpremises%20users.-,Microsoft%20Entra%20Connect%20Sync%20server,-.%20An%20on%2Dpremises

    Refer to this QnA post - https://learn.microsoft.com/en-us/answers/questions/455000/bi-directional-sync-using-azure-ad-connect

    There are, however, writeback capabilities for Office 365 groups: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-group-writeback

    and for attributes/passwords, depending on what options are configured:

    https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback

    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-sync-attributes-synchronized#exchange-hybrid-writeback

    Is there any specific reason/scenario you are trying to achieve by creating users in Entra ID and syncing them back to on-premises AD?

    Let me know if you have any further questions, feel free to post back.

    Please remember to "Accept Answer" if the answer helped, so that others in the community facing similar issues can easily find the solution.
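The answer above says that the only flows from Entra ID back to on-premises AD are the optional writeback features. The following PowerShell inventory is an added example, not part of either answer or of Microsoft's documentation: it lists which direction each installed sync rule flows, which enabled outbound rules target the on-premises AD connector (those are the writeback rules), and which optional features are switched on, so an administrator can see what the current configuration actually does before touching the Synchronization Rules Editor. It assumes a single AD forest connector, that the connector's `ConnectorTypeName` is `AD`, and that optional-feature settings are stored under the `Microsoft.OptionalFeature.` parameter prefix; the `Inventory-EntraConnectDirection` function name is my own. Run it on the Entra Connect server with the ADSync module that ships with the product.

```powershell
# Added example (not from the Q&A answers): read-only inventory of sync rule
# direction and optional writeback features on a Microsoft Entra Connect server.
# Assumptions: one AD forest connector; ConnectorTypeName 'AD' identifies it;
# optional features live under the 'Microsoft.OptionalFeature.' parameter prefix.
Import-Module ADSync

function Inventory-EntraConnectDirection {
    [CmdletBinding()]
    param()

    # Every sync rule has a Direction: Inbound (connector space -> metaverse)
    # or Outbound (metaverse -> connector space). Objects reach on-premises AD
    # only through Outbound rules whose Connector is the AD connector.
    $rules = Get-ADSyncRule

    Write-Host "Sync rules by direction:"
    $rules | Group-Object Direction |
        Select-Object @{n='Direction';e={$_.Name}}, @{n='Rules';e={$_.Count}} |
        Format-Table -AutoSize | Out-String | Write-Host

    # Locate the on-premises AD connector (assumption: exactly one AD forest).
    $adConnector = Get-ADSyncConnector |
        Where-Object { $_.ConnectorTypeName -eq 'AD' } |
        Select-Object -First 1
    if (-not $adConnector) {
        throw "No AD connector found; check Get-ADSyncConnector output."
    }

    # Enabled outbound rules that write to AD. These implement writeback
    # (group writeback, device writeback, Exchange hybrid attributes), not
    # full user provisioning from Entra ID.
    $outboundToAD = $rules | Where-Object {
        $_.Direction -eq 'Outbound' -and
        $_.Connector -eq $adConnector.Identifier -and
        -not $_.Disabled
    } | Sort-Object Precedence

    Write-Host "Enabled outbound rules targeting connector '$($adConnector.Name)':"
    if ($outboundToAD) {
        $outboundToAD | Select-Object Precedence, Name |
            Format-Table -AutoSize | Out-String | Write-Host
    } else {
        Write-Host "  (none - nothing flows from the metaverse back to AD)"
    }

    # Optional features such as password hash sync, group writeback and
    # device writeback are recorded as global settings parameters.
    Write-Host "Optional feature switches:"
    Get-ADSyncGlobalSettingsParameter |
        Where-Object { $_.Name -like 'Microsoft.OptionalFeature.*' } |
        Select-Object Name, Value |
        Format-Table -AutoSize | Out-String | Write-Host

    # Scheduler state tells you whether the sync cycle is running at all.
    $sched = Get-ADSyncScheduler
    Write-Host ("Sync cycle enabled: {0}; next run: {1}" -f `
        $sched.SyncCycleEnabled, $sched.NextSyncCycleStartTimeInUTC)

    # Return the outbound rules so callers can inspect them further.
    return $outboundToAD
}

Inventory-EntraConnectDirection
```

Reading the output against the answer: user and group objects created in Entra ID will never appear in on-premises AD, no matter which Outbound rules are listed, because only attribute-level writeback rules target the AD connector. Adding or editing rules in the Synchronization Rules Editor changes attribute flows within those existing paths; it does not create a new provisioning direction.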


1 additional answer

  1. Yanhong Liu 9,830 Reputation points Microsoft Vendor
    2024-03-22T02:44:18.8333333+00:00

    Hello tff,

    Good day!

    Azure AD Connect v2 is primarily used to synchronize on-premises Active Directory (AD) to Azure AD, not the reverse operation. This means that when you create users or groups in on-premises AD, they are synced to Azure AD, but users or groups created in Azure AD are not synced back to on-premises AD by default.

    Currently, Azure AD Connect's synchronization rule editor is primarily used to configure and manage synchronization rules from on-premises Active Directory to Azure Active Directory. In the standard configuration, Azure AD Connect does not support synchronization from Azure AD to on-premises AD, especially writeback for create, update, and delete user and group objects.

    While Azure AD Connect does support certain types of writeback features, such as password hash writeback, device writeback, etc., syncing newly created users or groups in Azure AD directly back to on-premises AD is not a supported feature.

    I hope the information above is helpful.

    If you have any questions or concerns, please do not hesitate to let us know.

    Best Regards,

    Yanhong Liu

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

