Access on-premise active directory from Azure functions/logic apps

Question

I'm in the process of integrating the HR system and Active directory which involves creating new users, updating existing user attributes, and disabling users in AD.

We have an on-premise Active Directory and use the Azure AD Connect to sync the Azure Active directory. We also have a domain controller in Azure VM. I have checked with the (on-premises data gateway - logic app) and (hybrid connection - azure function) both don't support on-premise active directory.

Any idea or workaround will be helpful to connect on-premise active directory or Azure VM domain controller from azure functions/logic apps etc.

Answer 1

Someone having a similar question in 2023, might find this useful. Microsoft recently released a new preview capability called API-driven provisioning which now makes it possible to implement HR-driven provisioning from any system of record.

To learn more about this capability, refer: API-driven inbound provisioning concepts

For sample PowerShell scripts / Logic Apps workflows, refer:
* PowerShell based integration
* Azure Logic Apps based integration

The primary advantage of using this approach is that the Azure AD provisioning service does all the heavy lifting of comparing what data has changed and applying the change, so your script doesn't need to implement the AD user fetch + comparison logic. Just regularly upload the data you get from your HR to the provisioning /bulkUpload API endpoint and you're good to go.

Answer 2

You can use PowerShell script to write attributes to the on- premises Active directory. If your HR database is SQL server that can be accessed via PowerShell script.

then sync on-prem AD to AAD