Has anyone successfully used Entra Cloud Sync to create corresponding Active Directory (AD) user accounts for those currently using Entra ID as cloud-only users? I'm looking for advice on how to back-provision these users so that they are managed by AD. I've heard from Copilot that this is now a supported process, but it doesn't sound like it's straightforward. I'd really appreciate any insights or experiences you could share on this topic!
4 Answers
According to a document I found, it seems like you can’t achieve this directly either. Creating the users on-prem and then linking them is the way to go. Here's the link to the Microsoft documentation: https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-install-existing-tenant.
The feature you're looking for is called User Writeback. It used to be part of Entra Connect but got deprecated earlier. I’m not aware of it moving to Cloud Sync either. It seems like your AI is a bit off here! You should plan on carefully making this sync happen since converting existing cloud-only accounts into hybrid models isn’t just a simple task.
From what I've seen, the usual method involves creating accounts on-premises first and then syncing them, which means users would need to change their passwords. I haven't checked in about six months, though, so it's worth investigating if there have been updates since then.
Unfortunately, it's not possible to directly sync cloud-only accounts back into AD. You would need to create those users on-prem first. As long as the UPNs match, the cloud accounts can be linked correctly. But be aware the passwords will always update to whichever is newer, so users might still need to reset theirs.
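
As an added example (not part of any answer above), a PowerShell pre-flight check for the UPN matching described in the last answer: it reports which cloud-only accounts already have an on-prem account with the same UPN and which still need one created. The function name, the sample users and the `contoso.example` domain are constructed; the property names are the ones `Get-MgUser` and `Get-ADUser` return.

```powershell
# Added example. Sample objects below are constructed so the script runs offline.
# With real data the inputs would come from Get-MgUser (cloud) and Get-ADUser (on-prem).
function Get-UpnMatchReport {
    param(
        [Parameter(Mandatory)] [object[]] $CloudUsers,
        [Parameter(Mandatory)] [object[]] $AdUsers
    )
    # Index on-prem accounts by normalized UPN (compare case-insensitively).
    $adByUpn = @{}
    foreach ($a in $AdUsers) {
        if ([string]::IsNullOrWhiteSpace($a.UserPrincipalName)) { continue }
        $adByUpn[$a.UserPrincipalName.Trim().ToLowerInvariant()] = $a
    }
    foreach ($c in $CloudUsers) {
        $key = "$($c.UserPrincipalName)".Trim().ToLowerInvariant()
        $adAccount = $null
        if ($c.OnPremisesSyncEnabled) {
            $status = 'AlreadySynced'        # not a cloud-only account, nothing to link
        }
        elseif ($adByUpn.ContainsKey($key)) {
            $status = 'UpnMatch'             # on-prem account exists with the same UPN
            $adAccount = $adByUpn[$key].SamAccountName
        }
        else {
            $status = 'NoOnPremAccount'      # must be created on-prem before syncing
        }
        [pscustomobject]@{
            CloudUpn  = $c.UserPrincipalName
            Status    = $status
            AdAccount = $adAccount
        }
    }
}

# Constructed sample data
$cloud = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; OnPremisesSyncEnabled = $null }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example';   OnPremisesSyncEnabled = $null }
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example'; OnPremisesSyncEnabled = $true }
)
$ad = @(
    [pscustomobject]@{ UserPrincipalName = 'Alice@Contoso.example'; SamAccountName = 'alice' }
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example'; SamAccountName = 'carol' }
)

Get-UpnMatchReport -CloudUsers $cloud -AdUsers $ad | Format-Table -AutoSize
```

Reviewing the `UpnMatch` rows before enabling sync shows exactly which cloud accounts will be joined to which on-prem accounts.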
