I'm in a bit of a bind with an old application that relies on Active Directory (AD). The current host can't support it any longer due to high costs, and we primarily work with an Entra-only setup without any existing AD. Currently, about 20 users log in through a separate domain provided by the host to access this app, and we work remotely. We've already created a 2025 RDS server linked to Entra Domain Services, but the app can't seem to find the users—probably due to some hard-coded settings. We did some tests with a Domain Controller on a test server, and it worked fine there.
I've come across information mainly focused on transitioning from on-premises AD to Entra, but now I need to reverse that process if possible. The newer cloud sync features seem to sync cloud groups to AD but not the users.
So I'm considering two options:
1. Build the necessary domain controllers and RDS servers in Azure as a separate, disconnected domain to keep things running smoothly without complicating our Entra setup.
2. Dive into figuring out Entra syncing, but that feels riskier since our team lacks traditional AD experience.
I'm leaning towards option 1. Thoughts?
1 Answer
From what I understand, you can't actually sync user objects back to AD, only groups. It sounds like going with option #1 is the safest bet. Plus, it might be a good idea to push for a more modern replacement for that old app if possible. Just a thought!
You could use Graph and PowerShell to create accounts on-prem, but that might not be true syncing. We had a similar setup with a consultant, but it worked because we were already hybrid. Just a heads up!