Share via

AD Connect

Peraza, Omar 1 Reputation point
2021-02-25T18:03:20.04+00:00

Hello, I am in the final steps of configuring AD Connect. I need some guidance with staging. I have a on prem AD with accounts and Azure AD accounts. I like to sync a small group of users to test. I like to to use the OU filter to specify the group of users. My assumption is the AD filter OU objects will sync up to Azure AD objects per the filter. My question is on the sync process. What happens to the current accounts in Azure AD, accounts not group in the my test OU? Does sync reconcile and removes Azure AD accounts? On the separate question, what is the difference between selecting 'enable staging mode' and not selecting 'enable staging mode'?

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Abhijeet-MSFT 551 Reputation points Microsoft Employee
    2021-03-01T08:41:58.64+00:00

    Hi @Peraza, Omar , If the identities are different then the objects from onprem would sync over and create new identities in Azure and the existing accounts in Azure would continue to stay there. However if the identities are similar (matching UPN, Proxy address, etc.) then you may see that the accounts being synced from Onprem AD have merged with the accounts in Azure. Refer https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-existing-tenant

    When you enable staging mode, the identities from Onprem AD & Azure AD would be imported to AD connect and synced but they will not be exported to either Azure or Onprem AD. Staging server is recommended for disaster recovery situations. Refer https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-staging-server

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.