Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The following document describes the common and supported hybrid sync scenarios.
Supported sync scenarios
The following table outlines the most common and supported sync scenarios.
| Scenario | Supported with cloud sync | Supported with connect sync | Supported with MIM and the Graph Connector | Supported with ECMA Host connector |
|---|---|---|---|---|
| New Hybrid customers managing identities | ● | ● | ● | N/A |
| Mergers and acquisitions (disconnected forest) | ● | N/A | ● | N/A |
| High availability - latency (I need high availability) | ● | N/A | ● | N/A |
| Migration from connect sync to cloud sync | ● | ● | N/A | N/A |
| Microsoft Entra hybrid join | N/A | ● | N/A | N/A |
| Exchange hybrid | ● | ● | N/A | N/A |
| User accounts in one forest / mailboxes in resource forest | N/A | ● | N/A | N/A |
| Sync large domains with more than 250K objects | N/A | ● | ● | N/A |
| Filter directory objects based on attribute values | N/A | ● | ● | N/A |
| Windows Hello for Business | N/A | ● | N/A | N/A |
| Synchronize from cloud to on-premises AD | N/A | N/A | ● | N/A |
| Synchronize from cloud to on-premises LDAP | N/A | N/A | ● | ● |
| Synchronize from cloud to on-premises SQL | N/A | N/A | ● | ● |
Supported provisioning scenarios
The following table outlines the common and supported provisioning scenarios.
| Scenario | Supported with cloud sync | Supported with connect sync | Supported with MIM and the Graph Connector | Supported with ECMA Host connector |
|---|---|---|---|---|
| Group provisioning to Active Directory | ● | N/A | ● | N/A |
For more information, see Supported topologies for cloud sync and Supported topologies for connect sync.
Additional information
- You can sync users & groups from the same domain using Connect Sync and cloud sync if:
- Scoping filters in each sync is mutually exclusive
- If inclusive, don’t have the same attributes values clashing (Precedence isn’t supported)
- You can sync users & groups using Connect Sync while using cloud sync’s net new capabilities (*called out in Roadmap)
- You can sync objects from a single AD to multiple Azure ADs if writeback capabilities are enabled only in a single Microsoft Entra tenant.
Cloud sync and connect sync in parallel
You can run cloud sync and Microsoft Entra Connect in the same forest. You may decide to do allow cloud sync to handle 80% and use Microsoft Entra Connect for some of your more obscure, 20% scenarios. The tutorial, Migrate to Microsoft Entra Cloud Sync for an existing synced AD forest shows an example of how you would run each.