Creating users and groups in Azure AD automatically

Alistair Young 31 Reputation points
2021-09-01T10:34:22.787+00:00

At the moment we are using Microsoft Identity Manager (MIM) to provision users and groups to on-premise AD which are then synced to Azure AD with AD Connect. MIM is retiring in 2025 so will no longer be an option. Is there a way to automatically provision users and groups in Azure AD or will it always require the presence of on-premise AD/AD Connect?

The Graph API can be used for managing users and groups, but that requires a large development effort to replace MIM. Is there nothing planned as a direct-to-Azure-AD replacement for MIM?


1 answer

  1. Danny Zollner 9,541 Reputation points Microsoft Employee
    2021-09-01T15:22:54.44+00:00

    Azure AD Connect is the replacement. In the architecture you described, MIM is going from <other source> into on-prem AD, and AAD Connect is carrying data from on-prem AD into Azure AD, right? In that case, MIM's only functionality that is required for you is to go from <other source> into on-prem AD.

    My understanding is that for quite a few years now it has not been advised to use the WAAD (Windows Azure Active Directory) connector in MIM for any new deployments, but rather to use Azure AD Connect. Given that understanding, you should only be using AAD Connect moving forward, and then you'll have to solve the problem between any external data sources and on-prem AD separately.

    1 person found this answer helpful.