In any hybrid environment, on-premises Active Directory objects are synchronized to Azure AD using Azure AD Connect. When Active Roles is deployed in such a hybrid environment, the information of existing users and groups, such as the Azure objectID, must be synchronized back from Azure AD to on-premises AD so that Active Roles can continue to manage them. To synchronize existing AD users and groups from Azure AD to Active Roles, use the back-synchronization (backsync) operation.

In a federated or synchronized identity environment, objects such as users, groups, or contacts are created on-premises and then synchronized from on-premises AD to Azure AD using Azure AD Connect. The backsync operation is performed to obtain the ObjectID of these objects and to update the edsvaAzureObjectID attribute in Active Roles, which allows further management of the objects.

The back-synchronization operation can be performed automatically or manually using the Active Roles Synchronization Service Console:

  • Automatic Back Synchronization is performed using the Azure Backsync Configuration feature of Active Roles Synchronization Service, which lets you configure the backsync of Azure objects with on-premises Active Directory objects through the Active Roles Synchronization Service Console. After the backsync operation is completed successfully, the Azure application registration and the required connections, mappings, and sync workflow steps are created automatically.

    For information on configuring the backsync operation automatically using the Active Roles Synchronization Service Console, see Configuring Sync Workflow to back-synchronize Azure AD Objects to Active Roles automatically using the Active Roles Synchronization Service Console.

    For more information on the results of the backsync operation, see the One Identity Active Roles Synchronization Service Administration Guide.

  • Manual Back Synchronization is performed by leveraging the existing functionality of the Synchronization Service component of Active Roles. Synchronization workflows are configured to identify the unique Azure AD users or groups and map them to the corresponding on-premises AD users or groups. After the back-synchronization operation is completed, Active Roles displays the configured Azure attributes for the synchronized objects.

    For information on configuring synchronization workflows for Azure AD, see the One Identity Active Roles Synchronization Service Administration Guide.
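The following is an added, stand-alone example (not code from the Active Roles product or its documentation) of the mapping step that both the automatic and the manual backsync perform: each on-premises object is matched to its Azure AD counterpart and, where needed, an edsvaAzureObjectID update is planned. The matching key is an assumption made here, not stated on this page: the on-premises objectGUID, which Azure AD Connect writes to Azure AD as the base64-encoded ImmutableId (onPremisesImmutableId). The class and function names, and the sample objects, are constructed for illustration. Objects that cannot be matched, or that match more than one Azure object, are reported separately instead of being updated, since writing a wrong objectID would silently break later management.

```python
"""Plan edsvaAzureObjectID backsync updates by matching on-premises AD objects
to Azure AD objects. Added example, not Active Roles code; the matching key
(objectGUID <-> ImmutableId) and all names below are assumptions."""
import base64
import uuid
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class OnPremObject:
    """Minimal view of an on-premises AD user or group (hypothetical type)."""
    distinguished_name: str
    object_guid: str                      # objectGUID, canonical string form
    edsva_azure_object_id: Optional[str]  # current Active Roles virtual attribute


@dataclass
class AzureObject:
    """Minimal view of an Azure AD user or group (hypothetical type)."""
    object_id: str                        # Azure AD objectId (a GUID string)
    immutable_id: str                     # onPremisesImmutableId set by AAD Connect
    user_principal_name: str


def guid_to_immutable_id(guid: str) -> str:
    """Convert an AD objectGUID to the ImmutableId form Azure AD Connect uses.

    Assumption: the default sourceAnchor (objectGUID / ms-DS-ConsistencyGuid)
    is the GUID's 16 bytes in Windows mixed-endian order, base64-encoded.
    """
    return base64.b64encode(uuid.UUID(guid).bytes_le).decode("ascii")


def plan_backsync(
    on_prem: List[OnPremObject], azure: List[AzureObject]
) -> Tuple[Dict[str, str], List[str], List[str]]:
    """Return (updates, unmatched, ambiguous).

    updates:   DN -> Azure objectId that should be written to edsvaAzureObjectID
    unmatched: DNs with no Azure AD counterpart (e.g. not yet synced by AAD Connect)
    ambiguous: DNs whose key matches more than one Azure object (never auto-updated)
    Objects whose edsvaAzureObjectID already holds the right value need no update.
    """
    by_immutable_id: Dict[str, List[AzureObject]] = {}
    for obj in azure:
        by_immutable_id.setdefault(obj.immutable_id, []).append(obj)

    updates: Dict[str, str] = {}
    unmatched: List[str] = []
    ambiguous: List[str] = []
    for obj in on_prem:
        candidates = by_immutable_id.get(guid_to_immutable_id(obj.object_guid), [])
        if not candidates:
            unmatched.append(obj.distinguished_name)
        elif len(candidates) > 1:
            ambiguous.append(obj.distinguished_name)
        elif obj.edsva_azure_object_id != candidates[0].object_id:
            updates[obj.distinguished_name] = candidates[0].object_id
    return updates, unmatched, ambiguous


def demo() -> Tuple[Dict[str, str], List[str], List[str]]:
    """Run the planner over constructed sample data (all values are made up)."""
    alice_guid = "12345678-1234-5678-1234-567812345678"
    bob_guid = "9a9b9c9d-0000-4000-8000-000000000001"
    carol_guid = "9a9b9c9d-0000-4000-8000-000000000002"
    group_guid = "9a9b9c9d-0000-4000-8000-000000000003"
    on_prem = [
        OnPremObject("CN=Alice,OU=Users,DC=example,DC=com", alice_guid, None),
        OnPremObject("CN=Bob,OU=Users,DC=example,DC=com", bob_guid, "bbbbbbbb-0000-4000-8000-000000000bbb"),
        OnPremObject("CN=Carol,OU=Users,DC=example,DC=com", carol_guid, None),
        OnPremObject("CN=Finance,OU=Groups,DC=example,DC=com", group_guid, None),
    ]
    azure = [
        AzureObject("aaaaaaaa-0000-4000-8000-000000000aaa", guid_to_immutable_id(alice_guid), "alice@example.com"),
        AzureObject("bbbbbbbb-0000-4000-8000-000000000bbb", guid_to_immutable_id(bob_guid), "bob@example.com"),
        # Two Azure objects carrying the same ImmutableId: the planner must refuse to pick one.
        AzureObject("cccccccc-0000-4000-8000-000000000cc1", guid_to_immutable_id(group_guid), "finance@example.com"),
        AzureObject("cccccccc-0000-4000-8000-000000000cc2", guid_to_immutable_id(group_guid), "finance-old@example.com"),
    ]
    return plan_backsync(on_prem, azure)


if __name__ == "__main__":
    updates, unmatched, ambiguous = demo()
    print("updates:", updates)
    print("unmatched:", unmatched)
    print("ambiguous:", ambiguous)
```

The planner only computes what should change; applying the updates is left to the Synchronization Service workflow (or whatever tooling writes edsvaAzureObjectID), so the unmatched and ambiguous lists can be reviewed before anything is written.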