Azure AD – You can now expand the groups write-back capabilities to more group types

If you are working in a hybrid environment where on-premises Active Directory is synchronized to Azure AD with Azure AD Connect, you are probably already aware of the group write-back capability, which lets you write Office 365 groups back to Active Directory.

Well, this capability has been extended to allow you to also write-back other group types from Azure AD.

If you have already enabled Office 365 groups write-back, you just need to run the commands below on the Azure AD Connect server to enable the group write-back v2 feature, then run a full sync afterwards.

```powershell
# Pause the scheduler so no sync cycle runs while the feature is changed
Set-ADSyncScheduler -SyncCycleEnabled $false

# Load the ADSync module from its default install path
Import-Module 'C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1'

# Turn on group write-back v2
Set-ADSyncAADCompanyFeature -GroupWritebackV2 $true

# Resume the scheduler (a full sync still has to be run after this)
Set-ADSyncScheduler -SyncCycleEnabled $true
```
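The same enablement as one script, with a state check before and after the change and the full sync that the steps above require. This is an added example and not the author's script; it assumes the default ADSync module path shown above, an account that is allowed to run the ADSync cmdlets, and that `Get-ADSyncAADCompanyFeature` exposes a `GroupWritebackV2` property (it does in current Azure AD Connect builds, but that is an assumption here, not something the post states).

```powershell
# Added example: enable Group Writeback V2 on the Azure AD Connect server, verify it, then run a full sync.
# Assumes the default ADSync module path and an account permitted to use the ADSync cmdlets.
$ErrorActionPreference = 'Stop'

Import-Module 'C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1'

# Do not change company features while a connector run (import/sync/export) is in flight.
# Get-ADSyncConnectorRunStatus returns nothing when no connector is running.
if (Get-ADSyncConnectorRunStatus) {
    throw 'A sync cycle is currently running; wait for it to finish before changing features.'
}

# Record the current state so the change is reviewable (and revertible with -GroupWritebackV2 $false).
$before = Get-ADSyncAADCompanyFeature
Write-Host "GroupWritebackV2 before: $($before.GroupWritebackV2)"

Set-ADSyncScheduler -SyncCycleEnabled $false
try {
    if (-not $before.GroupWritebackV2) {
        Set-ADSyncAADCompanyFeature -GroupWritebackV2 $true
    }

    # Read the setting back instead of trusting that the cmdlet succeeded silently.
    $after = Get-ADSyncAADCompanyFeature
    if (-not $after.GroupWritebackV2) {
        throw 'GroupWritebackV2 is still disabled; check the ADSync event log before retrying.'
    }
    Write-Host "GroupWritebackV2 after: $($after.GroupWritebackV2)"
}
finally {
    # Always hand the scheduler back, even if the feature change failed.
    Set-ADSyncScheduler -SyncCycleEnabled $true
}

# The new feature only takes effect after a full (initial) sync cycle.
Start-ADSyncSyncCycle -PolicyType Initial
```

The `try/finally` matters operationally: if `Set-ADSyncAADCompanyFeature` throws, the scheduler would otherwise stay disabled and synchronization would silently stop until someone notices.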

Once the feature is enabled, you select the groups to write back from the portal. To do so, connect to the Azure AD portal (https://aad.portal.azure.com/) and open the Azure Active Directory\Groups blade, or use the new Entra portal (https://entra.microsoft.com/) and open the Groups\All groups blade.


Then edit the displayed columns to add the Target writeback type and Writeback enabled columns.


Optionally, you can filter the list to display only the Cloud groups.


Once you have added the two columns, you can choose to write back a specific group and define the type (security, distribution or mail-enabled security) of the group that will be created back in Active Directory.


If you try to enable write-back on a group that is itself synchronized from Active Directory (source Windows Server AD), you will get the error message below; hopefully the write-back option will become smarter and simply not be offered for these groups.

Unable to complete due to service connection error. Please try again later.
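The same inventory the two portal columns give you, plus a guard that refuses to enable write-back on a group whose source is Windows Server AD, so you never hit the error above from a script. This is an added example and not the author's or Microsoft's code; it assumes the Microsoft.Graph PowerShell SDK, an account granted `Group.ReadWrite.All`, and that the Graph group resource exposes `onPremisesSyncEnabled` and a `writebackConfiguration` object with `isEnabled` and `onPremisesGroupType` (the three type values below are assumed to be the Graph names for the portal's security, distribution and mail-enabled security choices).

```powershell
# Added example: inventory group write-back state through Microsoft Graph and enable it only for cloud groups.
# Assumes the Microsoft.Graph SDK and an account with Group.ReadWrite.All.
Connect-MgGraph -Scopes 'Group.ReadWrite.All' -NoWelcome

# writebackConfiguration is not returned unless explicitly selected.
$props  = 'id,displayName,onPremisesSyncEnabled,writebackConfiguration'
$groups = Get-MgGroup -All -Property $props

# Report: source (Cloud vs Windows Server AD), write-back enabled, and target write-back type,
# i.e. the same information as the two portal columns the post adds.
$groups | ForEach-Object {
    [pscustomobject]@{
        DisplayName      = $_.DisplayName
        Source           = if ($_.OnPremisesSyncEnabled) { 'Windows Server AD' } else { 'Cloud' }
        WritebackEnabled = $_.WritebackConfiguration.IsEnabled
        TargetType       = $_.WritebackConfiguration.OnPremisesGroupType
    }
} | Sort-Object Source, DisplayName | Format-Table -AutoSize

function Enable-CloudGroupWriteback {
    param(
        [Parameter(Mandatory)] [string] $GroupId,
        # Mirrors the portal's target type choice; enum names are an assumption about the Graph API.
        [ValidateSet('universalSecurityGroup', 'universalDistributionGroup', 'universalMailEnabledSecurityGroup')]
        [string] $OnPremisesGroupType = 'universalSecurityGroup'
    )

    $g = Get-MgGroup -GroupId $GroupId -Property 'id,displayName,onPremisesSyncEnabled'

    # Refuse AD-sourced groups up front: the portal returns
    # "Unable to complete due to service connection error" for these.
    if ($g.OnPremisesSyncEnabled) {
        throw "Group '$($g.DisplayName)' is synchronized from Windows Server AD; write-back cannot be enabled on it."
    }

    Invoke-MgGraphRequest -Method PATCH -Uri "https://graph.microsoft.com/v1.0/groups/$GroupId" -Body @{
        writebackConfiguration = @{
            isEnabled           = $true
            onPremisesGroupType = $OnPremisesGroupType
        }
    }
    Write-Host "Write-back enabled for '$($g.DisplayName)' as $OnPremisesGroupType."
}

# Usage (the group id is a placeholder, not a real object id):
# Enable-CloudGroupWriteback -GroupId '<cloud-group-object-id>' -OnPremisesGroupType 'universalSecurityGroup'
```

The report is worth keeping as a periodic check: a group that is both write-back enabled and targeted at a security group type will exist in on-premises AD and can be granted permissions there, so the list of such groups is something the AD owners should review, not only the cloud admins.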

