If you are working in a hybrid environment where on-premises Active Directory is synchronized to Azure AD with Azure AD Connect, you are probably already aware of the group writeback capability, which lets you write Office 365 (Microsoft 365) groups back to Active Directory.
This capability has now been extended (group writeback v2) so that other Azure AD group types can be written back as well.
If Office 365 group writeback is already enabled, you only need to run the commands below on the Azure AD Connect server to turn on the group writeback v2 feature, then run a full synchronization afterwards:
Set-ADSyncScheduler -SyncCycleEnabled $false   # pause the scheduler before changing company features
Import-Module 'C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1'   # straight quotes: the curly ones break PowerShell parsing
Set-ADSyncAADCompanyFeature -GroupWritebackV2 $true
Set-ADSyncScheduler -SyncCycleEnabled $true    # resume the scheduler, then trigger a full sync
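The four commands above are the whole change, but on a production Azure AD Connect server you want to wrap them in the checks that keep the sync pipeline from being left paused. The script below is an added example, not code from the original post or from Microsoft; it assumes that Get-ADSyncAADCompanyFeature exposes the v1 feature as the UnifiedGroupWriteback property and the new feature as GroupWritebackV2, and that it is run by a member of the local ADSyncAdmins group.

```powershell
# Added example (not from the original post): enable group writeback v2 on the
# Azure AD Connect server with the checks a practitioner would want around the
# four commands above.
# Assumption: Get-ADSyncAADCompanyFeature reports the v1 feature as
# UnifiedGroupWriteback and the new one as GroupWritebackV2.
Import-Module 'C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1'

$before = Get-ADSyncAADCompanyFeature
if (-not $before.UnifiedGroupWriteback) {
    throw 'Office 365 group writeback (v1) is not enabled; enable it in the Azure AD Connect wizard first.'
}
if ($before.GroupWritebackV2) {
    Write-Host 'Group writeback v2 is already enabled; nothing to do.'
    return
}

# Never flip the scheduler while a sync cycle is running.
while ((Get-ADSyncScheduler).SyncCycleInProgress) {
    Write-Host 'Sync cycle in progress, waiting 30 s...'
    Start-Sleep -Seconds 30
}

Set-ADSyncScheduler -SyncCycleEnabled $false
try {
    Set-ADSyncAADCompanyFeature -GroupWritebackV2 $true
}
finally {
    # Re-enable the scheduler even if the feature change failed, so that
    # password hash sync and the rest of the pipeline do not silently stop.
    Set-ADSyncScheduler -SyncCycleEnabled $true
}

$after = Get-ADSyncAADCompanyFeature
if (-not $after.GroupWritebackV2) {
    throw 'GroupWritebackV2 is still reported as disabled; check the Application event log.'
}

# A full (initial) sync is required after changing company features.
Start-ADSyncSyncCycle -PolicyType Initial
```

The try/finally matters: if Set-ADSyncAADCompanyFeature throws, the scheduler would otherwise stay disabled and every later sync cycle, including password hash sync, would quietly stop until someone notices.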
Groups are then selected for writeback in the portal: open the Azure AD portal (https://aad.portal.azure.com/) and go to the Azure Active Directory\Groups blade, or in the new Entra portal (https://entra.microsoft.com/) go to Groups\All groups.
Next, edit the displayed columns to add Target writeback type and Writeback enabled.
Optionally, filter the list to show only Cloud groups, since those are the only ones eligible.
With the two columns added, you can enable writeback for a specific group and choose the type (security, distribution or mail-enabled security) of the group that will be created in Active Directory. Keep in mind that a written-back security group is a real AD security group that can be used in on-premises ACLs, so whoever can change the cloud group's membership (its owners and anyone holding a group-management role in Azure AD) effectively controls on-premises access; restrict membership management of groups you enable for writeback accordingly.
If you try to enable writeback on a group that is itself synchronized from Active Directory (source: Windows Server AD), you get the following error message, which is misleading because nothing is wrong with the service connection; ideally the portal would simply not offer the option for such groups.
Unable to complete due to service connection error. Please try again later.
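Because the portal error gives no hint about the real cause, it is worth doing the same selection through Microsoft Graph, where the group's source of authority can be checked first. The function below is an added example, not code from the original post or from Microsoft; it assumes the Microsoft.Graph PowerShell SDK is installed, that the caller holds Group.ReadWrite.All, and that the group's writebackConfiguration property (isEnabled plus onPremisesGroupType) is read and written through the beta endpoint, which is where it is exposed. The group ID at the bottom is a placeholder.

```powershell
# Added example (not from the original post): enable writeback for cloud-only
# groups through Microsoft Graph instead of the portal columns, refusing groups
# that are mastered in Windows Server AD before the portal's confusing error.
# Assumptions: Microsoft.Graph SDK installed, Group.ReadWrite.All granted,
# writebackConfiguration available on the beta groups resource.
Import-Module Microsoft.Graph.Authentication
Connect-MgGraph -Scopes 'Group.ReadWrite.All'

# Map the portal's three "Target writeback type" choices to the Graph values.
$WritebackTypes = @{
    Security            = 'universalSecurityGroup'
    Distribution        = 'universalDistributionGroup'
    MailEnabledSecurity = 'universalMailEnabledSecurityGroup'
}

function Enable-GroupWriteback {
    param(
        [Parameter(Mandatory)] [string] $GroupId,
        [ValidateSet('Security', 'Distribution', 'MailEnabledSecurity')]
        [string] $TargetType = 'Security'
    )
    $uri = "https://graph.microsoft.com/beta/groups/$GroupId" +
           '?$select=id,displayName,onPremisesSyncEnabled,writebackConfiguration'
    $g = Invoke-MgGraphRequest -Method GET -Uri $uri

    # Groups synchronized from on-premises AD cannot be written back; this is
    # the case the portal reports as a "service connection error".
    if ($g.onPremisesSyncEnabled) {
        Write-Warning "$($g.displayName) is synchronized from Windows Server AD; skipping."
        return $false
    }
    if ($g.writebackConfiguration.isEnabled) {
        Write-Host "$($g.displayName) already has writeback enabled as $($g.writebackConfiguration.onPremisesGroupType)."
        return $true
    }

    $body = @{
        writebackConfiguration = @{
            isEnabled           = $true
            onPremisesGroupType = $WritebackTypes[$TargetType]
        }
    }
    Invoke-MgGraphRequest -Method PATCH -Uri "https://graph.microsoft.com/beta/groups/$GroupId" -Body $body
    Write-Host "Writeback enabled for $($g.displayName) as $($WritebackTypes[$TargetType])."
    return $true
}

# Usage (placeholder group ID): enable writeback as a security group.
Enable-GroupWriteback -GroupId '00000000-0000-0000-0000-000000000000' -TargetType Security
```

The onPremisesSyncEnabled check is the same information the portal shows in its Source column; testing it before the PATCH turns the opaque portal error into an explicit warning, and the function returns $false so a bulk run over many group IDs can report which ones were skipped.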