Group writeback features allows to writeback Office 365 Groups to On-Prem. This helps to show up in GAL if you have mixed set of users on-prem and in exchange online.
FYI, Group writeback feature does not include security groups or distribution groups created in Exchange Online.
Here are the steps to enable Group writeback :-
- Create a Organizational Unit on-prem to host synced Office 365 Groups from Office 365.
- Grant permission account running Azure AD Sync to create objects on-prem. Account named would be starting with ‘MSOL’. Also you can find that account in AD connect console as well.
- Run these command with account having domain admin rights and update the cn with your domain’s account.
$AzureADConnectSWritebackAccountDN = ‘CN=MSOL_d557833993ae,CN=Users,DC=lab,DC=local‘
Import-Module “C:\Program Files\Microsoft Azure Active Directory Connect\AdSyncConfig\AdSyncConfig.psm1”
Set-ADSyncUnifiedGroupWritebackPermissions -ADConnectorAccountDN $AzureADConnectSWritebackAccountDN
- I created an OU named ‘Office365Groups‘
- Launch Azure AD Connect.
- Navigate to customize synchronization options.
- Provide your Global Administrator credentials and select ‘Group Writeback’.
- As soon as you click ‘Group Writeback’ a new option will appear in navigation tree.
- Select OU created to host Office 365 groups. Here I selected ‘Office365Groups’ OU.
- Click configure and check mark ‘synchronization’.
- It will now created objects in the OU, Also please monitor synchronization service. because that might throw error if service account doesn’t have sufficient permission to create objects in OU.
- New objects will look like below and please run command (update-recipient) against them to show them in Exchange GAL.
Please read article for more information :
Thank you for reading !