ExchangeKB
asked on
Migrate Azure AD to On-prem AD
I have a scenario where an organization was set up in O365 and Azure AD and now wants to have on-prem AD and file services. What is the best way to migrate Azure AD to on-premises AD? Once complete, I would expect to have some form of sync between on-prem and O365; they will still use Exchange Online.
Can the on-prem AD (Server 2016) be populated from Azure using AADConnect writeback? Has anyone done this? Please share.
No, you can't use AADConnect that way. You'll want to plan AD as if it were from scratch. Then implement AADConnect. It'll soft match the accounts you create on-prem if you set things up right.
ASKER
Thanks Cliff and Adam for the comments.
I am looking for the least convoluted way possible; my plan at a high level will be:
- set up AD from scratch on-prem and use PowerShell to bulk create AD users and groups to match Azure
- UPN matches the Azure user ID
- set up AADConnect and sync (hoping to do password writeback so users get to keep their cloud passwords on-prem)
I am guessing at this point, as you suggest, that the main anchor point is the UPN. As there is no on-prem Exchange, the proxy address AD attribute is going to be blank; would this screw up the primary email address in O365 to the .onmicrosoft.com address? I've seen this happen in the past with DirSync, not sure about AADConnect.
If this is going to be the case I might just go essentials dashboard integration for O365.
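The bulk-create step in the plan above, sketched as an added example (not code from this thread or from Microsoft): it builds the on-prem account attributes from a cloud user list and flags rows that would leave proxyAddresses blank or would collide on UPN, the two attributes AADConnect's soft match compares. The CSV columns, the sample users and the `contoso.example` domain are constructed assumptions, and `Get-OnPremUserPlan` is a hypothetical helper name.

```powershell
# Constructed sample data standing in for an export of the cloud users.
$cloudCsv = @'
UserPrincipalName,DisplayName,PrimarySmtpAddress
alice@contoso.example,Alice Example,alice@contoso.example
bob@contoso.example,Bob Example,bob.example@contoso.example
carol@contoso.example,Carol Example,
bob@contoso.example,Bob Duplicate,bob2@contoso.example
'@

# Hypothetical helper: one planned on-prem account per cloud user, with any
# problems that should be fixed before the first sync listed in Problems.
function Get-OnPremUserPlan {
    param([Parameter(Mandatory)] [object[]] $CloudUsers)
    $seenUpn = @{}
    foreach ($u in $CloudUsers) {
        $problems = @()
        $upn = $u.UserPrincipalName.ToLowerInvariant()
        if ($seenUpn.ContainsKey($upn)) { $problems += 'duplicate UPN in input' }
        $seenUpn[$upn] = $true
        if ([string]::IsNullOrWhiteSpace($u.PrimarySmtpAddress)) {
            $problems += 'no primary SMTP address, proxyAddresses would be blank'
        }
        [pscustomobject]@{
            SamAccountName    = ($u.UserPrincipalName -split '@')[0]
            UserPrincipalName = $u.UserPrincipalName
            DisplayName       = $u.DisplayName
            Mail              = $u.PrimarySmtpAddress
            # Upper-case "SMTP:" marks the primary address in proxyAddresses.
            ProxyAddress      = "SMTP:$($u.PrimarySmtpAddress)"
            Problems          = $problems -join '; '
        }
    }
}

$plan = Get-OnPremUserPlan -CloudUsers ($cloudCsv | ConvertFrom-Csv)
$plan | Format-Table UserPrincipalName, ProxyAddress, Problems -AutoSize

# Review the table first. Set $Apply = $true only on a host that has the
# ActiveDirectory module; accounts are created disabled, in the default container.
$Apply = $false
if ($Apply) {
    Import-Module ActiveDirectory
    foreach ($p in $plan | Where-Object { -not $_.Problems }) {
        New-ADUser -Name $p.DisplayName -DisplayName $p.DisplayName `
            -SamAccountName $p.SamAccountName -UserPrincipalName $p.UserPrincipalName `
            -EmailAddress $p.Mail -OtherAttributes @{ proxyAddresses = $p.ProxyAddress } `
            -Enabled $false
    }
}
```

With the sample data, the third and fourth rows are flagged and skipped; only clean rows reach `New-ADUser`.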