Technology overview

The Microsoft Identity Manager (MIM) 2016 or other identity management products are typically used to prepare the identities stored in the local Active Directory for cloud synchronization. The Azure AD Connect tool is generally used to synchronize the AD identities to the Azure AD to be used in connected software as a a service (SaaS) applications or other functionalities. The main advantage that MIM 2016 provides for this solution is to help with domain/forest consolidations, attribute normalization, and complete on-premise identity management with the help of workflows to support your business processes.

As you can see in the following diagram, MIM 2016 is also capable of synchronizing identities with the Azure AD. So, you're probably wondering which tool you should use to sync identities with Azure AD.

The short, practical answer for common scenarios is the Azure AD Connect tool because it supports all the provided synchronization functionality of the Microsoft Azure AD.

The following diagram provides a schematic view of the usage scenarios of both tools:

Azure AD Connect doesn't offer an active user write back. You'll find this option is deactivated in the Azure AD Connect configuration. To add this functionality, you can use the MIM Graph API connector like in Azure B2B user management, where you need to write the guest user back to your AD. To view a comparison between the tools, check out Hybrid Identity directory integration tools comparison at https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-hybrid-identity-design-considerations-tools-comparison.