Lab · Active Directory

Hybrid Identity with Active Directory and Microsoft Entra ID

By Andreas Krisby · 2026-01-20 · 2 min read

Background

I wanted to better understand how identities are managed in a hybrid environment where Active Directory is used on-premises while users and groups are synchronized to Microsoft Entra ID.

The goal was to gain hands-on experience with identity synchronization, user lifecycle management, and group-based access control across both environments.

What I Built

I created a small hybrid identity lab using:

  • Windows Server 2022
  • Active Directory Domain Services
  • Microsoft Entra ID
  • Microsoft Entra Connect
  • Oracle VirtualBox

The environment included users, groups, and organizational units (OUs) to simulate a basic organizational structure.

What I Tested

I focused on understanding how identities and group memberships are synchronized between Active Directory and Entra ID.

This included testing:

  • User creation
  • Group membership changes
  • User account disablement
  • Attribute modifications
  • Delta Sync and Initial Sync
  • Group-based RBAC

The objective was to observe how changes made in Active Directory were reflected in Microsoft Entra ID.
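The test sequence above, written out as a PowerShell script so the steps can be repeated in the same order (create, change membership, modify attributes, delta sync, verify, disable). This is an added example, not a script from the original post: it assumes the ActiveDirectory module on a domain controller, the ADSync module on an Entra Connect server reachable by PowerShell remoting, and the Microsoft Graph PowerShell SDK for the cloud-side check. The domain `lab.local`, the UPN suffix `lab.example`, the host name `ENTRACONNECT01` and all OU, user and group names are constructed placeholders.

```powershell
# Added example (not from the original post). Run on a domain controller in the lab domain.
# Assumes: ActiveDirectory module locally, ADSync module on ENTRACONNECT01, Microsoft Graph
# PowerShell SDK installed. All names below are constructed placeholders.
Import-Module ActiveDirectory

$domainDn = 'DC=lab,DC=local'
$ouDn     = "OU=LabUsers,$domainDn"
$syncHost = 'ENTRACONNECT01'

# Helper: trigger a sync cycle on the Entra Connect server and wait until it finishes.
# Delta = only objects changed since the last cycle; Initial = full re-read of every
# in-scope object (needed after changing sync scope or rules, not for routine changes).
function Invoke-LabSync {
    param([ValidateSet('Delta', 'Initial')][string]$PolicyType = 'Delta')
    Invoke-Command -ComputerName $syncHost -ScriptBlock {
        Import-Module ADSync
        Start-ADSyncSyncCycle -PolicyType $using:PolicyType | Out-Null
        # Get-ADSyncConnectorRunStatus returns nothing once no connector run is in progress
        while (Get-ADSyncConnectorRunStatus) { Start-Sleep -Seconds 10 }
    }
}

# 1. Structure: an OU that is inside Entra Connect's configured sync scope.
New-ADOrganizationalUnit -Name 'LabUsers' -Path $domainDn -ProtectedFromAccidentalDeletion $false

# 2. User creation. The UPN suffix should be a domain verified in the Entra tenant;
#    otherwise the cloud UPN is rewritten to the tenant's onmicrosoft.com domain.
$password = Read-Host -AsSecureString -Prompt 'Initial password for j.doe'
New-ADUser -Name 'Jane Doe' -SamAccountName 'j.doe' `
    -UserPrincipalName 'j.doe@lab.example' -GivenName 'Jane' -Surname 'Doe' `
    -Path $ouDn -AccountPassword $password -Enabled $true

# 3. Group-based access (User -> Group -> Access): only the group is assigned to
#    an app or role in Entra ID; membership changes made here flow through sync.
New-ADGroup -Name 'SG-Finance-Readers' -GroupScope Global -GroupCategory Security -Path $ouDn
Add-ADGroupMember -Identity 'SG-Finance-Readers' -Members 'j.doe'

# 4. Attribute modification (department is part of the default attribute set).
Set-ADUser -Identity 'j.doe' -Department 'Finance'

# 5. Delta sync pushes the new user, the group, the membership and the attribute.
Invoke-LabSync -PolicyType Delta

# 6. Verify the cloud object and that it is flagged as synced from on-premises.
Connect-MgGraph -Scopes 'User.Read.All', 'Group.Read.All' -NoWelcome
Get-MgUser -UserId 'j.doe@lab.example' `
    -Property DisplayName, AccountEnabled, Department, OnPremisesSyncEnabled |
    Select-Object DisplayName, AccountEnabled, Department, OnPremisesSyncEnabled

# 7. Lifecycle: disabling on-premises propagates as AccountEnabled = False after the next delta.
Disable-ADAccount -Identity 'j.doe'
Invoke-LabSync -PolicyType Delta
(Get-MgUser -UserId 'j.doe@lab.example' -Property AccountEnabled).AccountEnabled
```

Two design points: the script never edits the cloud object directly, because for a synced object Entra ID treats Active Directory as the source of truth and the next cycle would overwrite cloud-side edits; and the disablement step is the one worth timing in the lab, since the gap between `Disable-ADAccount` and the cloud sign-in being blocked is the default scheduler interval (30 minutes) unless a delta cycle is triggered by hand as above.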

Results

The project provided a better understanding of:

  • Active Directory as the source of truth
  • Identity synchronization between on-premises and cloud environments
  • How Microsoft Entra Connect manages identity data
  • The difference between Delta Sync and Initial Sync
  • Group-based access control using the principle: User → Group → Access

Challenges

During the project, synchronization initially failed due to authentication issues between the environments.

After troubleshooting, the root cause was identified as incorrect system time, which affected certificate and token-based authentication.

This highlighted how dependent modern identity systems are on accurate time synchronization.
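The checks and fixes for the time problem described above, as an added example rather than commands from the original post. It assumes a single-forest lab where `DC01` holds the PDC emulator role, every other member (including the Entra Connect server) should follow the domain hierarchy, and the VMs run under VirtualBox. Host names and the VM name are constructed placeholders.

```powershell
# Added example (not from the original post). Host and VM names are constructed placeholders.

# 1. Where does this machine think its time comes from, and how far off is it?
#    'Source: Local CMOS Clock' on a domain member or 'Free-running System Clock'
#    means it is not syncing at all.
w32tm /query /source
w32tm /query /status

# 2. Measure the offset against the PDC emulator; /dataonly prints time,offset pairs.
#    Kerberos tolerates 5 minutes of skew by default and certificate/token validity
#    checks are similarly tight, so a VM clock that is hours off after a snapshot
#    restore breaks domain auth, the Entra Connect service account sign-in and TLS.
w32tm /stripchart /computer:DC01.lab.local /samples:3 /dataonly

# 3. On the PDC emulator only: take time from a reliable external source and
#    advertise as reliable to the rest of the domain (0x8 = client mode).
w32tm /config /manualpeerlist:"time.windows.com,0x8" /syncfromflags:manual /reliable:yes /update
Restart-Service w32time
w32tm /resync

# 4. On every other domain member, including the Entra Connect server: follow the
#    domain hierarchy instead of a hard-coded peer.
w32tm /config /syncfromflags:domhier /update
Restart-Service w32time
w32tm /resync

# 5. VirtualBox-specific: Guest Additions also push the host clock into the guest,
#    which competes with w32time. Disable it per VM from the host OS:
#    VBoxManage setextradata "DC01" "VBoxInternal/Devices/VMMDev/0/Config/GetHostTimeDisabled" 1
```

Run step 2 on each host before and after the fix; the offsets should collapse to well under a second once every member chains to the PDC emulator, and a sync cycle that failed on authentication before will usually succeed on the next attempt without any change to credentials.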

Reflection

The most interesting part of the project was seeing how identities flow from an on-premises directory into a cloud identity platform.

It also reinforced the importance of group-based RBAC and demonstrated how a centralized source of identity simplifies administration, access management, and lifecycle processes in hybrid environments.