Sync Microsoft Entra ID with Local Domain

David 0 Reputation points
2024-08-27T10:37:26.0333333+00:00

Hello,

Currently in our organization, users and email accounts are in an Azure Tenant. The issue at hand is the need to create an AD domain on a local controller to apply GPOs, resources, permissions, etc.

As such, we would need to synchronize the accounts we currently have in ENTRA with the locally created controllers. It's like a reverse synchronization: from the cloud to the local controller to keep the information synchronized, and from this starting point, continue with the usual flow from the local controller to Azure.

How can this procedure be technically carried out? Are all cloud attributes copied in their entirety to the local AD?

Thank you for your help.

Best regards, David.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

2 answers

  1. Akpesiri Ogbebor 300 Reputation points
    2024-08-27T16:21:44.96+00:00

    Hi @david,

    Thanks for posting this on the Q&A platform.

    I understand you want to know if it’s possible to sync from Azure AD to a local AD.

    Direct synchronization of Azure AD objects to a local AD isn't supported. You can only sync objects from local AD to Azure AD by using Azure AD Connect.

    However, you can use the MS Entra Domain Services. Microsoft Entra Domain Services provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication. You use these domain services without the need to deploy, manage, and patch domain controllers (DCs) in the cloud.

    You can read more about Microsoft Entra Domain Services here: https://learn.microsoft.com/en-us/entra/identity/domain-services/overview


  2. David 0 Reputation points
    2024-08-28T09:24:55.8666667+00:00

    I'll be more specific. In my organization, we currently only have cloud services and all users are registered in Microsoft Entra ID. We need to install all the on-premises infrastructure. Can we synchronize the users to the on-premises Active Directory?

    Would you like me to provide an answer to this question about synchronizing users from Microsoft Entra ID (formerly Azure AD) to on-premises Active Directory?

