LDAP synchronization with Microsoft Entra ID
Lightweight Directory Access Protocol (LDAP) is a directory service protocol that runs on the TCP/IP stack. It provides a mechanism that you can use to connect to, search, and modify internet directories. Based on a client-server model, the LDAP directory service enables access to an existing directory.
Many companies depend on on-premises LDAP servers to store users and groups for their critical business apps.
Microsoft Entra ID can replace LDAP synchronization with Microsoft Entra Connect. The Microsoft Entra Connect synchronization service performs all operations related to synchronizing identity data between you're on premises environments and Microsoft Entra ID.
When to use LDAP synchronization
Use LDAP synchronization when you need to synchronize identity data between your on premises LDAP v3 directories and Microsoft Entra ID as illustrated in the following diagram.
System components
- Microsoft Entra ID: Microsoft Entra ID synchronizes identity information (users, groups) from organization's on-premises LDAP directories via Microsoft Entra Connect.
- Microsoft Entra Connect: is a tool for connecting on premises identity infrastructures to Microsoft Entra ID. The wizard and guided experiences help to deploy and configure prerequisites and components required for the connection.
- Custom Connector: A Generic LDAP Connector enables you to integrate the Microsoft Entra Connect synchronization service with an LDAP v3 server. It sits on Microsoft Entra Connect.
- Active Directory: Active Directory is a directory service included in most Windows Server operating systems. Servers that run Active Directory Services, referred to as domain controllers, authenticate and authorize all users and computers in a Windows domain.
- LDAP v3 server: LDAP protocol-compliant directory storing corporate users and passwords used for directory services authentication.
Implement LDAP synchronization with Microsoft Entra ID
Explore the following resources to learn more about LDAP synchronization with Microsoft Entra ID.
Hybrid Identity: Directory integration tools comparison describes differences between Microsoft Entra Connect Sync and Microsoft Entra Connect cloud provisioning.
Microsoft Entra Connect and Microsoft Entra Connect Health installation roadmap provides detailed installation and configuration steps.
The Generic LDAP Connector enables you to integrate the synchronization service with an LDAP v3 server.
Note
Deploying the LDAP Connector requires an advanced configuration. Microsoft provides this connector with limited support. Configuring this connector requires familiarity with Microsoft Identity Manager and the specific LDAP directory.
When you deploy this configuration in a production environment, collaborate with a partner such as Microsoft Consulting Services for help, guidance, and support.
Next steps
- What is hybrid identity with Microsoft Entra ID? Microsoft's identity solutions span on-premises and cloud-based capabilities. Hybrid identity solutions create a common user identity for authentication and authorization to all resources, regardless of location.
- Microsoft Entra authentication and synchronization protocol overview describes integration with authentication and synchronization protocols. Authentication integrations enable you to use Microsoft Entra ID and its security and management features with little or no changes to your applications that use legacy authentication methods. Synchronization integrations enable you to sync user and group data to Microsoft Entra ID and then user Microsoft Entra management capabilities. Some sync patterns enable automated provisioning.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for