Question

I have just installed a new AD server locally in the office and want to sync it with my users in Azure AD. But I am not sure if this will see my new AD server with no users in it, and then delete the users I have in Azure AD, or will it copy my Azure AD users down to my local AD?

I cannot see any definitive documentation on this matter, any help would be appreciated.


Solution

To your first question (will users be deleted?): Directory Sync uses objects' unique identifiers to track changes with respect to their cloud copies. Presumably, no object in your new AD would have the same identifiers as an object in your old AD, so DirSync wouldn't see this as a "deleted user". So, will it delete existing users? Probably not, but definitely test before you do this! (Use a different AAD directory.)

To your second question (will it copy users down?): No. Directory Sync is currently a one-way sync: it won't sync users down from your AAD to your on-premise AD.
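The identifier matching the answer describes can be checked account by account before the sync is enabled. The following is an added example, not code from the original answer: it derives the source anchor Azure AD Connect / DirSync builds from the on-premises objectGUID and compares it with the ImmutableId stored on the cloud user. It assumes the ActiveDirectory and MSOnline PowerShell modules are installed and Connect-MsolService has been run; 'alice' and 'alice@contoso.com' are placeholder names.

```powershell
# Added example (not from the original answer): compare the on-premises source anchor
# that DirSync / Azure AD Connect derives from objectGUID with the ImmutableId already
# stored on the cloud user, to see whether an account will be matched or treated as new.
# Assumes the ActiveDirectory and MSOnline modules are installed and Connect-MsolService
# has been run. 'alice' and 'alice@contoso.com' are placeholder values.

Import-Module ActiveDirectory
Import-Module MSOnline

function Get-OnPremSourceAnchor {
    param([Parameter(Mandatory)][string]$SamAccountName)
    # The default anchor is the base64 encoding of the objectGUID byte array.
    $user = Get-ADUser -Identity $SamAccountName -Properties ObjectGUID
    return [System.Convert]::ToBase64String($user.ObjectGUID.ToByteArray())
}

function Test-CloudMatch {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$UserPrincipalName
    )
    $anchor = Get-OnPremSourceAnchor -SamAccountName $SamAccountName
    $cloud  = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction SilentlyContinue

    if (-not $cloud) {
        return "No cloud user '$UserPrincipalName': sync would create a new cloud object."
    }
    if ([string]::IsNullOrEmpty($cloud.ImmutableId)) {
        # Cloud-only account: sync will attempt a soft match on UPN / proxyAddresses.
        return "Cloud-only user (no ImmutableId): sync will try a soft match on UPN/SMTP."
    }
    if ($cloud.ImmutableId -eq $anchor) {
        return "Hard match: on-prem anchor equals cloud ImmutableId; the cloud object will be updated in place."
    }
    # The cloud object is tied to a different on-prem object (for example one from the old forest).
    return "Anchor mismatch: cloud ImmutableId $($cloud.ImmutableId) does not equal on-prem anchor $anchor; resolve before enabling sync."
}

# Read-only check of one account; run it for a sample of users before syncing the whole forest.
Test-CloudMatch -SamAccountName 'alice' -UserPrincipalName 'alice@contoso.com'
```

Running this against a few accounts in the new forest shows, per user, whether the sync will update the existing cloud object, soft-match it, or create a new one, which is the behaviour the question asks about.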

OTHER TIPS

The synchronisation via DirSync usually runs every 3 hours and applies the following changes with every run:
1. Marks that the user is missing from local AD
2. Nothing
3. Deletes the user

This is a safety precaution in case the user data was just not passed during sync.

Changes always go from local AD to the cloud.

Licensed under: CC-BY-SA with attribution