Hey everyone! I'm trying to find out if it's possible to sync users from Microsoft Entra ID to my on-premises Active Directory for local authentication, like using LDAP or RDS. Just to clarify, I'm not looking to sync local AD users to Entra ID, only the other way around.
5 Answers
User writeback was deprecated a while ago, so directly syncing users isn't straightforward. One option is to export the users from Entra ID to a CSV file and then script their addition to Active Directory. It's not perfect but can get the job done.
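The export-then-script approach from the answer above, as an added example that is not from the original thread or from Microsoft: a PowerShell script that reads a CSV of Entra ID users and creates matching accounts in on-premises AD with the ActiveDirectory module. It assumes the CSV has the columns `userPrincipalName`, `displayName`, `givenName`, `surname` and `mail` (the column names the Entra admin center bulk export and `Get-MgUser | Export-Csv` produce; adjust if yours differ) and that the UPN suffix is a UPN suffix your AD forest accepts. Because no password material leaves Entra ID, each new account gets a random initial password with "change at next logon" set; the `-OU` value and the report file name are placeholders.

```powershell
<#
Added example, not code from the original thread. Creates on-prem AD users from
an Entra ID CSV export. Assumed columns: userPrincipalName, displayName,
givenName, surname, mail. Supports -WhatIf so you can dry-run it first.
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string]$CsvPath,
    [Parameter(Mandatory)] [string]$TargetOU,            # e.g. "OU=CloudUsers,DC=corp,DC=example" (assumed)
    [string]$ReportPath = ".\entra-import-report.csv"   # placeholder; contains initial passwords, protect it
)

Import-Module ActiveDirectory

function New-RandomPassword {
    # 64-character alphabet (no 0/O, 1/l/I) so a byte mod 64 has no modulo bias.
    param([int]$Length = 20)
    $chars = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!@#$%^&'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    $rng.GetBytes($bytes)
    return -join ($bytes | ForEach-Object { $chars[$_ % $chars.Length] })
}

$rows   = Import-Csv -Path $CsvPath
$report = foreach ($row in $rows) {
    $upn = ($row.userPrincipalName -as [string]).Trim()
    if (-not $upn) { continue }

    # Guest accounts carry "#EXT#" in their UPN; they have no business in local AD.
    if ($upn -like '*#EXT#*') {
        [pscustomobject]@{ UPN = $upn; SamAccountName = ''; Status = 'SkippedGuest'; InitialPassword = '' }
        continue
    }

    # Idempotent: never touch an account that already exists.
    if (Get-ADUser -Filter "UserPrincipalName -eq '$upn'") {
        [pscustomobject]@{ UPN = $upn; SamAccountName = ''; Status = 'AlreadyExists'; InitialPassword = '' }
        continue
    }

    # sAMAccountName: UPN prefix, safe characters only, max 20 chars (pre-Windows 2000 limit).
    $sam = ($upn.Split('@')[0] -replace '[^a-zA-Z0-9._-]', '')
    if ($sam.Length -gt 20) { $sam = $sam.Substring(0, 20) }
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        [pscustomobject]@{ UPN = $upn; SamAccountName = $sam; Status = 'SamCollision'; InitialPassword = '' }
        continue
    }

    $password = New-RandomPassword
    $name     = if ($row.displayName) { $row.displayName.Trim() } else { $sam }

    # Only pass optional attributes that are actually populated in the export.
    $params = @{
        Name                  = $name
        SamAccountName        = $sam
        UserPrincipalName     = $upn
        Path                  = $TargetOU
        AccountPassword       = (ConvertTo-SecureString $password -AsPlainText -Force)
        ChangePasswordAtLogon = $true
        Enabled               = $true
    }
    if ($row.displayName) { $params.DisplayName  = $row.displayName.Trim() }
    if ($row.givenName)   { $params.GivenName    = $row.givenName.Trim() }
    if ($row.surname)     { $params.Surname      = $row.surname.Trim() }
    if ($row.mail)        { $params.EmailAddress = $row.mail.Trim() }

    if ($PSCmdlet.ShouldProcess($upn, "Create AD user in $TargetOU")) {
        New-ADUser @params
        [pscustomobject]@{ UPN = $upn; SamAccountName = $sam; Status = 'Created'; InitialPassword = $password }
    }
}

$report | Export-Csv -Path $ReportPath -NoTypeInformation
$report | Group-Object Status | Select-Object Name, Count
```

Run it once with `-WhatIf` to see which rows would be created, skipped or collide before committing. The report CSV holds the one-time initial passwords in clear text so you can hand them out through a separate channel; treat it as a secret and delete it once the users have logged on and been forced to change their password. If you also need the cloud password on-prem, this approach cannot provide it: Entra ID never exports password hashes, so the only options are the forced reset shown here or a separate hash-synchronization path.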
Unfortunately, Microsoft doesn't directly support syncing users back to on-prem AD from Entra. A good alternative is to set up AD Connect for local to cloud synchronization and adjust the Source of Authority for each user. This way, any changes made in the cloud will sync back down to your local AD.
It really depends on your specific needs. If you have an on-premises system that relies on AD for authentication, there are ways to write back to AD, but they'd likely be more manual and clunky. The right approach will vary based on whether you need passwords synced too.
Syncing users from Entra ID to on-prem AD isn't natively supported since LDAP writeback isn't available. If you're dealing with a hybrid setup, consider identity governance solutions or security overlays, like Orca Security or Ping. They manage sync and audit processes better and help with authentication concerns. Always remember to back up your AD before attempting any major sync changes!
You might want to look into Entra DS, which is a managed Active Directory from Microsoft that works with Entra. However, it's somewhat limited and might require individual user password setups rather than providing full SSO functionality.