We've done this when AAD Connect was newer... we used to set the immutable ID, but from what michev suggested and the article below, it seems easier and less complicated now. PowerShell will definitely help, especially if you have a lot of users already in AAD/O365.
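The "set the immutable ID" step mentioned above, turned into a check rather than a write: the added script below (not from the answerer or from Microsoft) computes the sourceAnchor that Azure AD Connect derives from each on-prem objectGUID and compares it with the ImmutableId already on the cloud object, so you can see which of your existing AAD users will match, which are still cloud-only, and which are anchored elsewhere before you enable sync. It assumes the ActiveDirectory and MSOnline modules, an existing Connect-MsolService session, and a hypothetical OU path.

```powershell
# Added example, not from the original post. Assumes ActiveDirectory + MSOnline modules
# and that Connect-MsolService has already been run in this session.
param(
    [string]$OnPremOU = 'OU=Users,DC=ad,DC=company,DC=com'   # hypothetical OU, adjust to yours
)

Import-Module ActiveDirectory
Import-Module MSOnline

function Get-ExpectedImmutableId {
    # Azure AD Connect's default sourceAnchor is the base64 encoding of the objectGUID bytes.
    param([guid]$ObjectGuid)
    [System.Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

$report = foreach ($adUser in Get-ADUser -Filter * -SearchBase $OnPremOU -Properties UserPrincipalName) {
    # Soft match is keyed on UPN, so the on-prem UPN suffix must be a verified tenant
    # domain (company.com here), not the internal ad.company.com suffix.
    if (-not $adUser.UserPrincipalName) { continue }

    $expected = Get-ExpectedImmutableId -ObjectGuid $adUser.ObjectGUID
    $cloud    = Get-MsolUser -UserPrincipalName $adUser.UserPrincipalName -ErrorAction SilentlyContinue

    $status = if (-not $cloud) {
        'no cloud object (UPN not found in tenant)'
    } elseif (-not $cloud.ImmutableId) {
        'cloud-only, will soft match on UPN at first sync'
    } elseif ($cloud.ImmutableId -eq $expected) {
        'already matched to this on-prem object'
    } else {
        # Anchored to a different on-prem object; fix this before syncing, e.g.
        # Set-MsolUser -UserPrincipalName $cloud.UserPrincipalName -ImmutableId $expected
        'MISMATCH: cloud ImmutableId belongs to another on-prem object'
    }

    [pscustomobject]@{
        UPN      = $adUser.UserPrincipalName
        Expected = $expected
        InCloud  = $cloud.ImmutableId
        Status   = $status
    }
}

$report | Sort-Object Status, UPN | Format-Table -AutoSize
```

Run it read-only first; the only write it hints at (the hard match in the comment) should be applied per user only after the mismatch has been understood, since a wrong ImmutableId binds the cloud account to the wrong person.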
AAD sync to local AD
Hello!
Could not find our case.
We have Azure AD with active users and subscriptions (DevOps, O365) with domain "company.com".
Just created a new local AD DC with domain name "ad.company.com".
We would like to sync users from AAD to local AD to allow them SSO (cloud and local servers/laptops).
Would the SSO with writeback option work for us?
Thanks for any help!
Jimmy Ståhl, 2020-08-30T01:36:35.753+00:00
However, you build around it with a topology like this if you need to provision users in Azure for a hybrid env:
Azure AD -> Azure AD Domain Services -> forest trust -> On prem ADDS -> Azure AD connect -> Azure AD
That would solve your problem if I understand you correctly.
https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/identity/adds-forest
https://learn.microsoft.com/en-us/azure/active-directory-domain-services/synchronization