Hey everyone! We've transitioned fully to a cloud setup with Microsoft 365, but we still rely on some on-prem file servers and NAS that don't support Single Sign-On (SSO). Our on-prem Active Directory still has users, which are different from those in EntraID because we haven't set up synchronization yet. Is there a way to sync identities from EntraID to our on-premises Domain Controller? Appreciate any insights!
3 Answers
Unfortunately, syncing isn't an option right now. You might want to consider using Entra Domain Services, which would give you a new Active Directory linked to your cloud setup, but you'd need to overhaul part of your infrastructure. The quickest way could be to connect your existing Domain Controller with Entra ID by matching users through soft or hard matching.
I don't think so. You’d likely need to write a PowerShell script to pull users from Azure AD and create them in your on-prem domain manually. Unfortunately, there's no way to sync passwords. If you enable sync and convert those users into hybrid users, you could face complications. My advice would be to just create users on the domain as needed and manage them separately. Plus, you’d miss out on features like MFA, so it might be better to transition your file servers to Azure storage instead.
The closest thing available would be managing groups; other syncing scenarios aren't currently supported. It really does seem like user syncing should be feasible since devices and groups can do it, but there are complexities involved. Transitioning fully to the cloud could be more realistic for larger organizations. You can check out Microsoft's resources for more.
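The manual approach in the second answer (pull users from Entra ID, create them on-prem, never sync passwords) and the hard-match preparation mentioned in the first answer, as an added PowerShell example. This is not code from the question or any answer: it assumes the Microsoft.Graph and ActiveDirectory modules are installed, and the OU path and UPN suffix are placeholders to replace with your own.

```powershell
# Added example (not from the question or any answer): one-way provisioning of
# Entra ID users into an on-prem AD domain. Accounts that already exist are not
# touched; instead the value Entra Connect would need for a hard match
# (base64 of the on-prem objectGUID) is reported. Passwords are NOT synced:
# new accounts are created disabled with a random throwaway password and must
# be enabled and reset by an administrator.
# Assumptions: $TargetOU and $OnPremUpnSuffix are placeholders for your environment.

#Requires -Modules Microsoft.Graph.Users, ActiveDirectory
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$TargetOU = 'OU=CloudProvisioned,DC=corp,DC=example',  # placeholder OU
    [string]$OnPremUpnSuffix = 'corp.example'                      # placeholder suffix
)

# Read-only Graph scope: listing users is all this script needs from the cloud side.
Connect-MgGraph -Scopes 'User.Read.All' -NoWelcome

# Random password for accounts that are created but left disabled (never reused).
function New-RandomPassword {
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] 24
    $rng.GetBytes($bytes)
    ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
}

# Value Entra Connect uses for hard matching: base64 of the on-prem objectGUID.
function Get-HardMatchId {
    param([Microsoft.ActiveDirectory.Management.ADUser]$AdUser)
    [Convert]::ToBase64String($AdUser.ObjectGUID.ToByteArray())
}

$cloudUsers = Get-MgUser -All -Filter 'accountEnabled eq true' `
    -Property 'id,userPrincipalName,displayName,givenName,surname,mail,onPremisesImmutableId'

$report = foreach ($u in $cloudUsers) {
    # Skip guest / external accounts; they should not become domain accounts.
    if ($u.UserPrincipalName -like '*#EXT#*') { continue }

    $prefix = ($u.UserPrincipalName -split '@')[0]
    $upn = "$prefix@$OnPremUpnSuffix"
    $existing = Get-ADUser -Filter "UserPrincipalName -eq '$upn'" -ErrorAction SilentlyContinue

    if ($existing) {
        # Already present on-prem: report what a hard match would need, and flag
        # a cloud object that already carries a different immutable id.
        $expected = Get-HardMatchId -AdUser $existing
        [pscustomobject]@{
            Upn              = $upn
            Action           = 'exists'
            HardMatchId      = $expected
            CloudImmutableId = $u.OnPremisesImmutableId
            Mismatch         = ($null -ne $u.OnPremisesImmutableId -and $u.OnPremisesImmutableId -ne $expected)
        }
        continue
    }

    # sAMAccountName is limited to 20 characters in AD.
    $sam = $prefix.Substring(0, [Math]::Min(20, $prefix.Length))
    $newUser = @{
        Name                 = if ($u.DisplayName) { $u.DisplayName } else { $prefix }
        SamAccountName       = $sam
        UserPrincipalName    = $upn
        Path                 = $TargetOU
        AccountPassword      = New-RandomPassword
        Enabled              = $false   # admin enables after verifying the account
        ChangePasswordAtLogon = $true
    }
    if ($u.GivenName) { $newUser.GivenName = $u.GivenName }
    if ($u.Surname)   { $newUser.Surname   = $u.Surname }
    if ($u.Mail)      { $newUser.EmailAddress = $u.Mail }

    if ($PSCmdlet.ShouldProcess($upn, 'Create disabled on-prem account')) {
        New-ADUser @newUser
    }
    [pscustomobject]@{
        Upn              = $upn
        Action           = 'created-disabled'
        HardMatchId      = $null
        CloudImmutableId = $u.OnPremisesImmutableId
        Mismatch         = $false
    }
}

$report | Format-Table -AutoSize
```

Run it with `-WhatIf` first to see which accounts would be created without changing the domain. The script is deliberately one-way and never writes passwords or enables accounts, matching the caveat in the answers; the `HardMatchId` column is only informational, and a `Mismatch` of `True` is the case to investigate before ever turning on synchronization, since an existing cloud object with a different immutable id will not hard-match the on-prem account.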