As I’ve mentioned previously, it looks like the Azure AD team is running on speed or Red Bull; either way they are busy. Today they announced a new preview of Azure AD Connect, the single sync tool that is going to replace both DirSync and Azure AD Sync.
This preview adds several new features, including:
- User writeback
- Group writeback
- Device writeback
- Device Sync
- Directory extension attribute sync
This means there are more ways to set up two-way synchronization between Azure AD and on-premises Active Directory. It also makes it easier for hosting providers to onboard their existing cloud partners into their on-premises Active Directory.
To use these features we first need to make some changes to our on-premises Active Directory. Until that is done, the device writeback and group writeback options in the wizard stay disabled; they are enabled once the PowerShell preparation cmdlets have been run.
The preparation cmdlets live in the AdSyncADPrep module, which is installed under C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep (check that folder for the exact file name; later builds ship the module as AdSyncPrep.psm1). Import it first:
Import-Module "C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep\AdSyncAdPrep.psm1"
First, to allow Windows 10 devices that are joined to the local Active Directory to be synced to Azure AD:
Initialize-ADSyncDomainJoinedComputerSync -ForestName contoso.com -AdConnectorAccount $psCreds -AzureADCredentials $azureAdCreds
-AdConnectorAccount: the on-premises Active Directory user name and password of the account the Azure AD Connect connector uses, as a PSCredential object (for example from Get-Credential)
-AzureADCredentials: the Azure AD user name and password, also as a PSCredential object
Next, prepare the domain so that devices registered in Azure AD can be written back to it:
Initialize-ADSyncDeviceWriteBack -DomainName region.contoso.com -AdConnectorAccount $psCreds
Then, for user writeback to the local Active Directory:
Initialize-ADSyncUserWriteBack -AdConnectorAccount $psCreds -UserWriteBackContainerDN "OU=CloudUsers,DC=contoso,DC=com"
The OU given in -UserWriteBackContainerDN is where users that originate in Azure AD will be created in the local Active Directory; it must exist before the cmdlet is run. Writeback can also be configured later in the wizard. Keep in mind that writeback gives the cloud side write access into on-premises AD through the connector account, so treat that account as highly privileged and give the written-back objects their own OU rather than one that already holds on-premises accounts.
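The whole preparation, run end to end in one script, as an added example that is not part of the original post. It uses the cmdlet names, parameters, module path and placeholder names (contoso.com, region.contoso.com, OU=CloudUsers) exactly as quoted above; the credential prompts, the existence check on the OU and the final ACL review are my additions, and the ACL review assumes the ActiveDirectory RSAT module is installed on the Azure AD Connect server.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell session on the
# Azure AD Connect server, as an account allowed to create containers and set ACLs in AD.
# Placeholders (contoso.com, region.contoso.com, OU=CloudUsers) must be replaced with your own.

$modulePath = 'C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep\AdSyncAdPrep.psm1'
if (-not (Test-Path -LiteralPath $modulePath)) {
    throw "AdPrep module not found at $modulePath; check the AdPrep folder of your installation."
}
Import-Module $modulePath

# Prompt for both credential sets instead of embedding passwords in the script.
$psCreds      = Get-Credential -Message 'On-premises AD account used by the Azure AD Connect connector (DOMAIN\user)'
$azureAdCreds = Get-Credential -Message 'Azure AD administrator (user@tenant.onmicrosoft.com)'

$forestName   = 'contoso.com'                          # forest holding the domain-joined devices
$deviceDomain = 'region.contoso.com'                   # domain that Azure AD devices are written back to
$userOU       = 'OU=CloudUsers,DC=contoso,DC=com'      # OU that Azure AD users are written back to

# 1. Allow Windows 10 devices joined to the local AD to be synced to Azure AD.
Initialize-ADSyncDomainJoinedComputerSync -ForestName $forestName `
    -AdConnectorAccount $psCreds -AzureADCredentials $azureAdCreds

# 2. Prepare the domain so that devices registered in Azure AD can be written back.
Initialize-ADSyncDeviceWriteBack -DomainName $deviceDomain -AdConnectorAccount $psCreds

# 3. Prepare the OU that cloud users are written back into. Fail early with a clear
#    message if the OU does not exist, instead of letting the prep cmdlet error out.
Import-Module ActiveDirectory
try {
    $null = Get-ADOrganizationalUnit -Identity $userOU -ErrorAction Stop
} catch {
    throw "Writeback OU $userOU does not exist; create it before running user writeback prep."
}
Initialize-ADSyncUserWriteBack -AdConnectorAccount $psCreds -UserWriteBackContainerDN $userOU

# 4. Review what the connector account can now do on the writeback OU. Writeback means the
#    cloud side writes into on-premises AD through this account, so these ACEs deserve a look.
$connectorSam = $psCreds.UserName.Split('\')[-1]
$acl = Get-Acl -Path "AD:\$userOU"
$acl.Access |
    Where-Object { $_.IdentityReference -like "*\$connectorSam" } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType, InheritanceType |
    Format-Table -AutoSize
```

The order matters only in that each cmdlet needs its target (forest, domain, OU) to exist already; the cmdlets themselves are independent, so a failure in one step can be retried on its own after the cause is fixed. The final ACL listing is the check to keep from this script: it shows exactly which rights the connector account holds on the OU that Azure AD will write into, which is what you want documented before enabling writeback in the wizard.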