I've just installed Active Directory and want to sync the users with the already existing Azure AD we have. From a technical point of view it looks pretty easy. I've created the domain ad.company.com and added the UPN of our verified domain company.com. Then I created 3 accounts:
The UPN for (1) already exists in Azure AD (regular user). (2) and (3) do not exist in Azure AD at the moment. I'm aware that the password and other attributes for (1) will be overwritten by on-premises values in Azure AD.
I do not have any doubts regarding (3) but have some questions regarding (1) and (2):
email@example.com to manage AD locally and do not sync them at all; additionally create
firstname.lastname@example.org we have regular accounts to work with our services
I was trying to find the answer for this but in the Azure AD Connect documentation I've found only that
"Microsoft strongly recommends against synchronizing on-premises accounts with pre-existing administrative accounts in Azure Active Directory."
Which is totally opposite to my case.
Any advice appreciated.
Syncing accounts 1 and 2 to Azure AD doesn't proffer any special abilities, privileges, or rights to the synced accounts in Azure AD or Office 365. Additionally, their membership in any protected groups in your on-premises AD is not synced to the account in Azure AD.