How can we improve Azure Active Directory?

Sync Azure Active Directory Down to On-Premises AD

It would be great to be able to sync Azure AD down to on-premises AD. I want to centrally manage my users, passwords, and groups from Azure AD. That way the on-premises server just acts as a medium for the local environment.


It says "coming soon" for cloud to on-premises sync. It was last updated on September 5th 2014. I can't find any new information on whether this is out.

210 votes

Kolbe Stevenson shared this idea


  • Anonymous commented

    Any update on this? If a user changes their phone number in Delve / SharePoint in O365, it currently doesn't get replicated back to on-premises AD, which is useless!

  • Wouter van Rij commented

    Indeed, it would be good to read why this was declined, and what the alternative will be. We're a startup that started with Office 365, and then went to on-premises AD. Would prefer to keep the Azure AD leading.

  • Daniel commented

    It appears this feature has been declined, can we please have some indication from MS why this is?

    Especially since an AAD->AD sync tool must already exist, since it's exactly how Azure AD Domain Services works (AAD DS works for those that can afford the costs of Azure and have a reliable internet connection for a site-to-site VPN, but not so well for those that don't).

    In our case (a K-12 school), we've attempted some degree of cloud-first-ness and built most of our infrastructure using Office 365 tools, and integrated in some other web tools using SAML/OAuth. However we still need to provide services like printer services (which connect over SMB and therefore need Kerberos/NTLMv2) and RADIUS for our wireless (which also need Kerberos/NTLMv2/LDAP). I appreciate that setting up AD and AAD Connect is not difficult in itself, but I've seen enough issues and had enough headaches having to deal with e.g. the ProxyAddresses attribute etc. that I'd like to save my support staff from that as much as possible.

    We basically just need an on-prem version of Azure AD Domain Services. Please and thank you?

  • Anonymous commented

    This would be really useful. We also want our on-prem AD as secondary to Azure Online. A sync-back tool would be ideal.

  • Anonymous commented

    This would be great if it was part of AAD/AADC AD integration... it would give us a lot more confidence...

  • Anonymous commented

    Looking for an update on this as well, as it would really streamline onboarding. Moderators, please give us an update.

  • Christophe commented

    When will this feature be available?
    It's been months / years that we've been promised that.

    In your Azure documentation, this is possible in Premium 1. How to do it when we bought Premium 1 just for the UserWriteBack?
    "Device objects two-way synchronization between on-premises directories and Azure AD (Device write-back)"

    Any information will be welcome.

  • Eric Campbell commented

    It's been three months! The suspense is killing me. ...seriously though, it would be great to have this available. Any news (even if it's news of a setback) would be welcome.

  • Neil commented

    It's been a couple of months, @RobDeJong. Is there anything in the pipeline? We're still having to provision users on-premises; it would be great to at least have a service in Azure that enables a basic user creation form that then has the rights to create a user in AD, and then continues the provisioning tasks once that user has been pushed up to AAD. Anything!

  • Rob de Jong (Azure AD IAM) commented

    Hi folks - we're currently designing a new service that will write back users and groups from AAD to various different targets - AAD, other directories, applications - and we're not planning on implementing this in the AADConnect sync stack. We hope to be able to tell you more about this in a couple of months. Any specific input you may have on this topic is welcome!

  • Jeremy Bradshaw commented

    I've noticed the AAD Connect AdPrep PowerShell module still includes the Initialize-UserWriteback, but other pieces that used to be present seem to be missing from other places.

    PS C:\Users\Administrator> Import-Module 'C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep\AdSyncPrep.psm1'
    PS C:\Users\Administrator> Get-Command -Module AdSyncPrep -Verb Initialize

    CommandType     Name                                          Version    Source
    -----------     ----                                          -------    ------
    Function        Initialize-ADSyncDeviceWriteBack              0.0        AdSyncPrep
    Function        Initialize-ADSyncDomainJoinedComputerSync     0.0        AdSyncPrep
    Function        Initialize-ADSyncGroupWriteBack               0.0        AdSyncPrep
    Function        Initialize-ADSyncNGCKeysWriteBack             0.0        AdSyncPrep
    Function        Initialize-ADSyncUserWriteBack                0.0        AdSyncPrep
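The listing above only shows which preparation helpers the AdPrep module still ships; it says nothing about whether any writeback is actually wired into the sync engine. The following PowerShell is an added example, not code from the thread or from Microsoft's documentation. It checks three things on an AAD Connect server: what the AdPrep module could prepare for, what the tenant-level feature flags report, and which outbound sync rules really target the on-premises AD connector. It assumes the default install path, that the ADSync module installed with AAD Connect provides Get-ADSyncConnector, Get-ADSyncRule and Get-ADSyncAADCompanyFeature with the properties used below, and that the built-in writeback rules keep the "SOAInAAD" naming convention; treat the property and rule names as assumptions to verify on your own build.

```powershell
# Added example (not from the thread): is writeback from AAD to AD merely *preparable*,
# *flagged on*, or *actually active* on this AAD Connect server?
# Assumptions: default install path; ADSync module cmdlets and property names as used here;
# built-in writeback rules named "Out to AD - ... SOAInAAD". Verify all three on your build.

$adPrep = 'C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep\AdSyncPrep.psm1'
Import-Module $adPrep -ErrorAction Stop
Import-Module ADSync  -ErrorAction Stop

# 1. What the AdPrep module could prepare for. The presence of Initialize-ADSyncUserWriteBack
#    only means the helper exists; it does not mean user writeback is enabled or supported.
$initializers = Get-Command -Module AdSyncPrep -Verb Initialize | Select-Object -ExpandProperty Name
Write-Host "AdSyncPrep initializers:"
$initializers | ForEach-Object { Write-Host "  $_" }

# 2. What the tenant-level feature flags report (assumed property names; missing ones are reported as such).
$features        = Get-ADSyncAADCompanyFeature
$flagsOfInterest = 'UserWriteback', 'DeviceWriteback', 'UnifiedGroupWriteback', 'GroupWritebackV2', 'PasswordWriteback'
Write-Host "`nTenant feature flags:"
foreach ($flag in $flagsOfInterest) {
    $value = if ($features.PSObject.Properties[$flag]) { $features.$flag } else { '(property not present on this build)' }
    Write-Host ("  {0,-24} {1}" -f $flag, $value)
}

# 3. Which outbound rules actually point at the on-premises AD connector.
#    A feature that is flagged on but has no enabled outbound rule to AD writes nothing back.
$adConnectors = Get-ADSyncConnector | Where-Object { $_.ConnectorTypeName -eq 'AD' }
foreach ($conn in $adConnectors) {
    $outbound = Get-ADSyncRule | Where-Object { $_.Direction -eq 'Outbound' -and $_.Connector -eq $conn.Identifier }

    Write-Host "`nOutbound rules to AD connector '$($conn.Name)':"
    $outbound | Sort-Object Precedence | ForEach-Object {
        $state = if ($_.Disabled) { 'disabled' } else { 'enabled' }
        Write-Host ("  [{0,-8}] {1,4}  {2}" -f $state, $_.Precedence, $_.Name)
    }

    # Writeback rules (objects whose source of authority is AAD) are assumed to carry "SOAInAAD" in their name.
    # Note that other outbound-to-AD rules exist (e.g. Exchange hybrid attributes), so match the marker, not just "User".
    foreach ($kind in 'User', 'Group', 'Device') {
        $live = $outbound | Where-Object { -not $_.Disabled -and $_.Name -like "Out to AD - $kind*SOAInAAD*" }
        Write-Host ("  {0,-6} writeback rule enabled: {1}" -f $kind, [bool]$live)
    }
}
```

Run this in an elevated PowerShell session on the AAD Connect server as a member of the local ADSyncAdmins group. The useful signal is the disagreement between the three sections: a helper that exists with no matching feature flag and no enabled outbound rule is exactly the "pieces seem to be missing" situation described above, and the rule listing is also worth keeping as a baseline, since any new enabled outbound rule to AD is a change in what the cloud can write into your on-premises directory.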
