Azure AD Connect: Should new users be added first to Azure AD or to AD DS on-prem?

Question

Let's assume there is an up-to-date environment that uses Azure AD Connect to sync user accounts between AD DS on-prem and Azure AD in the cloud.

When adding new users - should they be added to Azure AD first (and then synced back to on-prem by Azure AD Connect) or rather to the on-prem AD (to be synced to Azure AD)? Why?

score 0 · Accepted Answer · answered Jun 29 '18 at 05:18

0

As I know, if you add a new user to the on-premise AD, it can be synced back to Azure AD with Azure AD Connect. But if you add to Azure AD, it will not. So if you want to add new users, you would be better to add them to the on-premise AD.

What's more, if the user will not use the on-premise resource, you can add it to Azure AD. The Azure AD just provides people with a solution to the problem that the on-premise AD cannot solve.

answered Jun 29 '18 at 05:18

Charles Xu

146
3

Ok so that means you can sync *properties* of users back from the cloud to on-prem, but not new user objects, right? – Heinrich Ulbricht Jun 29 '18 at 09:22
Just can sync from on-prem to cloud. I mean that if you add the user to cloud you just can use the cloud resource. – Charles Xu Jun 29 '18 at 09:33

Azure AD Connect: Should new users be added first to Azure AD or to AD DS on-prem?

1 Answers1