Hi all,

I have been looking into the best way to do an Azure AD sync to my local Directory Services environment.

Currently, we keep all contact information in O365, and just the names and passwords for local login in local AD. We would like to find a solution that will allow us to do the following:

  1. Link the local AD to the Azure AD login for SSO/begin us down the path of using Azure AD for SSO
  2. Not lose all the information I already have in Azure AD/O365 for contact information
  3. I would like the Azure AD infrastructure to mirror the OU breakdowns that I have in local AD already.

Any advice you guys can give me on best starting points/practices/pain points would be awesome!

2 Spice ups

You can set up Office 365 to synchronize that Azure AD with your on-prem AD. Once you set up synchronization, you can decide to have user authentication take place in Azure AD or in your on-prem directory.

  1. The option for syncing on-prem to O365 is going to be Federated Identity, which requires additional set-up. This requires setting up AD FS or using a third-party identity provider. Azure AD Connect will check your on-prem AD server for any new identities created and provision those into Azure AD. If any changes are made to the identity on-prem, those changes are synchronized to Azure AD and made available through the O365 admin center.
  2. Make sure you’re preparing correctly and setting things up for Azure AD Connect, with directory synchronization, and I would recommend a custom installation of Azure AD Connect. You can decide things such as how users should be identified, sign-in configuration, etc.

This page is going to tell you all that you need to know about Azure AD Connect: What is hybrid identity with Microsoft Entra ID? - Microsoft Entra ID | Microsoft Learn

If you have specific questions, just let me know, and I’ll try and get you answers!
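One pre-flight check that covers the "how users should be identified" point above and the original poster's worry about losing the contact data already in Azure AD/O365: Azure AD Connect attaches an on-prem account to an existing cloud-only user (soft match) when the UserPrincipalName or primary SMTP address agrees, and otherwise provisions a new, duplicate object. The PowerShell below is an added example, not code from the thread or from Microsoft; it compares UPNs only, assumes the ActiveDirectory and Microsoft.Graph.Users modules are installed, and uses placeholder values for the OU to be synced (`OU=Staff,DC=corp,DC=contoso,DC=com`) and the tenant's verified domain (`contoso.com`). The ADSync cmdlets at the end only run on the server where Azure AD Connect is installed.

```powershell
# Added example (not part of the original thread): predict the soft-match
# outcome for each on-prem user before the first sync, then list cloud-only
# users nobody will claim. Placeholders: SearchBase and VerifiedDomain.
#Requires -Modules ActiveDirectory, Microsoft.Graph.Users

param(
    [string]$SearchBase     = 'OU=Staff,DC=corp,DC=contoso,DC=com',  # placeholder OU in sync scope
    [string]$VerifiedDomain = 'contoso.com'                           # placeholder verified tenant domain
)

Connect-MgGraph -Scopes 'User.Read.All' | Out-Null

# Enabled on-prem users inside the OU that will be in scope for Azure AD Connect.
$onPrem = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
                     -Properties UserPrincipalName, mail

# Cloud users that are not yet synced from on-prem, indexed by lowercase UPN.
$cloudOnly = Get-MgUser -All -Property UserPrincipalName, Mail, OnPremisesSyncEnabled |
             Where-Object { -not $_.OnPremisesSyncEnabled }
$cloudByUpn = @{}
foreach ($u in $cloudOnly) { $cloudByUpn[$u.UserPrincipalName.ToLower()] = $u }

# Classify each on-prem account by what the first sync would do with it.
$report = foreach ($acct in $onPrem) {
    $upn = $acct.UserPrincipalName
    $outcome =
        if (-not $upn) {
            'NO-UPN: cannot match or sync, set a UPN first'
        } elseif (-not $upn.ToLower().EndsWith("@$VerifiedDomain")) {
            'UNVERIFIED-SUFFIX: UPN suffix (e.g. .local) is not a verified domain'
        } elseif ($cloudByUpn.ContainsKey($upn.ToLower())) {
            'SOFT-MATCH: existing cloud user and its contact data are kept'
        } else {
            'NEW: a new cloud user will be provisioned'
        }
    [pscustomobject]@{ SamAccountName = $acct.SamAccountName; UPN = $upn; Outcome = $outcome }
}
$report | Sort-Object Outcome | Format-Table -AutoSize

# Cloud-only users that no in-scope on-prem account will claim. They stay
# cloud-only and keep authenticating in Azure AD, so review them before
# moving sign-in to federation.
$claimed = $onPrem.UserPrincipalName | Where-Object { $_ } | ForEach-Object { $_.ToLower() }
$cloudOnly | Where-Object { $claimed -notcontains $_.UserPrincipalName.ToLower() } |
            Select-Object UserPrincipalName, Mail

# On the Azure AD Connect server: confirm the scheduler is enabled and push a
# delta sync instead of waiting for the default 30-minute cycle.
if (Get-Module -ListAvailable -Name ADSync) {
    Import-Module ADSync
    Get-ADSyncScheduler | Select-Object SyncCycleEnabled, NextSyncCycleStartTimeInUTC
    Start-ADSyncSyncCycle -PolicyType Delta
}
```

Run it once against a copy of the OU structure you intend to sync; every row tagged `NEW` for a person who already has a mailbox is a duplicate waiting to happen, and every `UNVERIFIED-SUFFIX` row needs a routable UPN suffix added on-prem before sync is enabled.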