Microsoft Endpoint Manager – How to Synchronize Local AD Account to Intune with Azure AD Connect

In the previous blog post I explained how to create users in Microsoft Endpoint Manager. But what if you already have on-premises infrastructure with users you want to synchronize with Azure AD? That is possible with Azure AD Connect.

Azure AD Connect is Microsoft's free tool for synchronizing on-premises AD accounts into Azure AD. You don't need to re-create accounts in the cloud for your on-premises users, and they can use cloud services such as Office 365, Intune and cloud apps with their existing accounts. You can download the latest version of Azure AD Connect from the Microsoft Download Center.

I want to outline a few important points related to installation prerequisites:

  • Domain-joined Windows Server 2012 Standard/Enterprise or later with a full GUI
  • Global Azure AD administrator account
  • AD Enterprise administrator account
  • SQL Server 2012 to 2019 (SQL Server Express can be installed during Azure AD Connect installation as a default option)
  • Internet connectivity from the server running Azure AD Connect, and DNS resolution for all Internet and intranet domains

So, let’s start.

First of all, you need to prepare the on-premises accounts for synchronization if that has not been done yet. We need to add an alternative UPN suffix to Active Directory DS. To do that, run the Active Directory Domains and Trusts console, then open Properties and add your custom domain name:

If you don’t add UPN suffix then your user@domain.local will be synchronized to Azure AD as

Then we need to change the domain for the users we want to synchronize. Go to Active Directory Users and Computers, choose the user accounts you want to synchronize and select the public custom domain on the Account tab:
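The two preparation steps above (adding the UPN suffix and switching users to it) can also be scripted. The following PowerShell is an added example, not part of the original post; `contoso.com`, `domain.local` and the OU path are placeholder values to replace with your own, and `-WhatIf` gives a dry run.

```powershell
#Requires -Modules ActiveDirectory
# Added example: scripted equivalent of the two GUI preparation steps.
# All default values below are placeholders (assumptions), not values from the article.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$NewSuffix  = 'contoso.com',                  # public custom domain
    [string]$OldSuffix  = 'domain.local',                 # current non-routable suffix
    [string]$SearchBase = 'OU=cloud,DC=domain,DC=local'   # OU that will be synchronized
)

Import-Module ActiveDirectory

# Step 1: add the alternative UPN suffix to the forest if it is not there yet
# (same result as Properties in Active Directory Domains and Trusts).
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    if ($PSCmdlet.ShouldProcess($forest.Name, "Add UPN suffix $NewSuffix")) {
        Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $NewSuffix }
    }
}

# Step 2: switch users in the chosen OU from the old suffix to the new one
# (same result as the domain drop-down on the Account tab).
$pattern = "*@$OldSuffix"
$users   = Get-ADUser -SearchBase $SearchBase -Filter 'UserPrincipalName -like $pattern'

foreach ($user in $users) {
    $prefix = ($user.UserPrincipalName -split '@')[0]
    $newUpn = '{0}@{1}' -f $prefix, $NewSuffix

    # A duplicate UPN causes sign-in and sync conflicts, so skip and report it.
    # This lookup covers the current domain only.
    $clash = Get-ADUser -Filter 'UserPrincipalName -eq $newUpn'
    if ($clash) {
        Write-Warning "Skipping $($user.SamAccountName): $newUpn is already in use"
        continue
    }

    if ($PSCmdlet.ShouldProcess($user.SamAccountName, "Set UPN to $newUpn")) {
        Set-ADUser -Identity $user -UserPrincipalName $newUpn
    }
}
```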

Run Azure AD Connect installer and agree to the license terms:

Click Continue. On the Express Settings page select Customize, then click Install:

Leaving Password Hash Synchronization as a default option means users accessing cloud services will use their on-premises passwords:

Click Next and provide Azure AD Global admin credentials:

Click Next. Choose Add Directory:

Provide your on-premises AD Enterprise Administrator credentials for periodic synchronization:

Then click OK and wait for a confirmation that your local directory was successfully added:

Click Next, then select Continue without matching all UPN suffixes to verified domains:

And click Next. On the Domain and OU filtering wizard page select the OU with the user accounts you want to synchronize to Azure AD:

Click Next. On the Uniquely identifying your Users page leave settings as default and click Next:

We set up a lab so we will synchronize all users we have in our “cloud” OU:

Click Next. Optional Features configuration will be described in a separate blog. At this moment we are good with the basic configuration so just click Next:

Review the high-level configuration that will be done and click Install:

Review the status of your installation and click Exit:

That’s it for now. Click over to the next article in the series where we’ll check if we successfully synchronized our on-premises AD accounts to Azure AD.