If you choose not to use federated authentication, you can configure your servers with AAD Connect and then only choose to synchronise both your users and passwords to AAD. The steps below will help you to set up such a configuration.
This Step-by-Step guide contains several Powershell scripts and explanation for the following steps:
You can use parts of this script or run every step on the servers you want to configure. Be aware that every step has its own variables where you will have to set your own configuration options.
Step 1: Install the ADDS Role and DNS on your server(s)
***In case you already have a domain set up, you may skip this step and continue with step 2***
To use the AAD Connect tool and sync your users between your (on-premise) domain and the Azure AD, you would need a domain, and a domain controller. This Powershell script, will install the ADDS role and DNS. In case you already have a domain set up, you can skip this step.
Step 2: Run and finish the AAD Connect tool setup before you continue
You will need to have a working AAD Connect configuration before continuing with the next steps. In case you don't have a working AAD Connect setup, please follow the instructions in the setup guide below.
This guide contains the configuration steps, that we used and it is a working configuration for our reference topology. Of course there are many other configurations possible, so please choose the configuration, needed for your topology.
You can download the AAD Connect tool here.
You can find more information on supported topologies on this page.
There is also more information to be found about the express or customized installation of AAD Connect.