This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 46%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDR%3C/text%3E%3C/svg%3E)
Good Day
We currently using Azure AD Connect to sync our On-premise AD to Azure AD.
Can one sync objects, User accounts, Distribution lists, etc from Azure AD back to on-premise AD?
So if an object gets created by teams or 365 one can manage that object from on-premise AD.
So i guess this will be a bi-directional sync. So if objects get created on Azure AD or On-premise AD the sync happens both ways so that objects are available both on Azure AD and On-premise AD?
Thank you
It is not possible to sync objects from AAD to On Premises AD, this is a one way sync only.
The only exception to this is if you utilise Azure AD Domain Services, where resources can sync from AAD, but this is a separate AD instance, it would not help you sync to your on-premises AD.
Azure AD Domain Services is sounding to be a possible solution.
Does the objects from AAD sync to Azure AD DS and vice versa?
With Azure AD DS can one get rid of traditional domain controllers completely? Ie only use Azure AD DS for all hosts in the cloud and On-Prem? Provided that you have site-site vpn.
AAD DS is intended to allow you to support applications that need traditional AD, in an Azure environment, they are not intended as a replacement for on-prem AD. It is a one way sync of objects from AAD to AAD DS, and these objects are not editable in AAD DS. Objects created in AAD DS do not sync to AAD.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
With Azure AD DS it's still a one-way synchronization. And like Sam mentioned it still woudn't help with the on-premises sync.
"A managed domain is configured to perform a one-way synchronization from Azure AD to provide access to a central set of users, groups, and credentials. You can create resources directly in the managed domain, but they aren't synchronized back to Azure AD."
https://learn.microsoft.com/en-us/azure/active-directory-domain-services/overview
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 0%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
@DesmondKrummeck-3250
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.