Allow AD Connect to register in place or a built-in Portal switch to sync users matching verified domains and rules back to Azure AD.
Subject: RE: 118090418928814 trying to properly sync a user from an Azure AD Domain Services domain to Azure AD itself. Azure Active Directory
We understand what you're saying.
So to use the managed domain LDAPS and custom OUs (users / groups stored here at this location in the managed domain), how do we get these back up and around to the Azure infrastructure, since we know it's one way from the top? If we set up a managed-domain-joined machine and AD Connect syncs the custom OUs to the Azure AD tenant, will this break the tenant? Is there a way to use these objects in your managed domain infrastructure's custom OUs as you would on a normal domain DC? If you can't sync them into the Azure tenant, that seems like a missed opportunity given that the use of custom OUs is specifically allowed.
Azure AD Domain Services has a one-way synchronization mechanism FROM Azure Active Directory. Users and organizational units from Domain Services do not sync to Azure AD. This is because Domain Services is an extension of Azure Active Directory, to enable organizations to lift on-premises applications that use legacy protocols like LDAP and Kerberos to Azure. The custom group sync provided by Azure AD Domain Services is there to enable customers to reduce the scope of the users that are synced from Azure Active Directory to Azure AD Domain Services.
The service does not work that way and there are no plans to change it at this time.
Mike Stephens, Azure AD Domain Services PM