Directory synchronization

Many organizations have a hybrid infrastructure that encompasses both on-premises and cloud components. Synchronizing users' identities between local and cloud directories lets users access resources with a single set of credentials.

Synchronization is the process of

  • creating an object based on certain conditions,
  • keeping the object updated, and
  • removing the object when conditions are no longer met.
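The three steps above, run as one reconciliation cycle. This is an added Python example, not Microsoft Entra Connect code: `SourceUser`, `SYNCED_OUS`, `in_scope`, `project`, `sync_cycle`, the OU names and the sample users are all constructed assumptions. It shows that a disabled account is removed from the target on the next cycle and that an out-of-scope service account is never created there.

```python
from dataclasses import dataclass, replace

SYNCED_OUS = {"OU=Staff"}  # assumed scoping rule: only this OU is synchronized

@dataclass(frozen=True)
class SourceUser:
    anchor: str        # immutable ID linking the source object to its target copy
    upn: str
    display_name: str
    enabled: bool
    ou: str

def in_scope(user):
    """The 'certain conditions': an enabled account inside a synced OU."""
    return user.enabled and user.ou in SYNCED_OUS

def project(user):
    """Attributes that flow from the source object to the target object."""
    return {"upn": user.upn, "display_name": user.display_name}

def sync_cycle(source, target):
    """Reconcile target (anchor -> attributes) with source; return the actions taken."""
    actions = []
    desired = {u.anchor: project(u) for u in source if in_scope(u)}
    for anchor, attrs in desired.items():
        if anchor not in target:              # create when conditions are met
            target[anchor] = attrs
            actions.append(("create", anchor))
        elif target[anchor] != attrs:         # keep the object updated
            target[anchor] = attrs
            actions.append(("update", anchor))
    for anchor in sorted(set(target) - set(desired)):
        del target[anchor]                    # remove when conditions no longer hold
        actions.append(("remove", anchor))
    return actions

def demo():
    """Three cycles over constructed sample users; returns (per-cycle actions, target)."""
    target = {}
    alice = SourceUser("a1", "alice@example.com", "Alice", True, "OU=Staff")
    bob = SourceUser("b2", "bob@example.com", "Bob", True, "OU=Staff")
    svc = SourceUser("s3", "svc@example.com", "Service", True, "OU=ServiceAccounts")
    log = [sync_cycle([alice, bob, svc], target)]
    alice, bob = replace(alice, display_name="Alice A."), replace(bob, enabled=False)
    log.append(sync_cycle([alice, bob, svc], target))   # rename Alice, disable Bob
    log.append(sync_cycle([alice, bob, svc], target))   # no source change: no actions
    return log, target

if __name__ == "__main__":
    print(demo())
```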

On-premises provisioning involves provisioning from on-premises sources (such as Active Directory) to Microsoft Entra ID.

When to use directory synchronization

Use directory synchronization when you need to synchronize identity data from your on-premises Active Directory environments to Microsoft Entra ID, as illustrated in the following diagram.

architectural diagram

System components

  • Microsoft Entra ID: Synchronizes identity information from the organization's on-premises directory via Microsoft Entra Connect.
  • Microsoft Entra Connect: A tool for connecting on-premises identity infrastructures to Microsoft Entra ID. The wizard and guided experiences help you deploy and configure the prerequisites and components required for the connection (including sync and sign-on from Active Directory to Microsoft Entra ID).
  • Active Directory: Active Directory is a directory service that is included in most Windows Server operating systems. Servers that run Active Directory Domain Services (AD DS) are called domain controllers. They authenticate and authorize all users and computers in the domain.

Implement directory synchronization with Microsoft Entra ID

Explore the following resources to learn more about directory synchronization with Microsoft Entra ID.

Next steps

  • What is hybrid identity with Microsoft Entra ID? Microsoft's identity solutions span on-premises and cloud-based capabilities. Hybrid identity solutions create a common user identity for authentication and authorization to all resources, regardless of location.
  • Microsoft Entra authentication and synchronization protocol overview describes integration with authentication and synchronization protocols. Authentication integrations enable you to use Microsoft Entra ID and its security and management features with little or no changes to your applications that use legacy authentication methods. Synchronization integrations enable you to sync user and group data to Microsoft Entra ID and then use Microsoft Entra management capabilities. Some sync patterns enable automated provisioning.