Group writeback features allows to writeback Office 365 Groups to On-Prem. This helps to show up in GAL if you have mixed set of users on-prem and in exchange online.

FYI, Group writeback feature does not include security groups or distribution groups created in Exchange Online.

Here are the steps to enable Group writeback :-

  • Create a Organizational Unit on-prem to host synced Office 365 Groups from Office 365.
  • Grant permission account running Azure AD Sync to create objects on-prem. Account named would be starting with ‘MSOL’. Also you can find that account in AD connect console as well.7.PNG
  • Run these command with account having domain admin rights and update the cn with your domain’s account.

$AzureADConnectSWritebackAccountDN = ‘CN=MSOL_d557833993ae,CN=Users,DC=lab,DC=local

Import-Module “C:\Program Files\Microsoft Azure Active Directory Connect\AdSyncConfig\AdSyncConfig.psm1”

Set-ADSyncUnifiedGroupWritebackPermissions -ADConnectorAccountDN $AzureADConnectSWritebackAccountDN

6

  • I created an OU named ‘Office365Groups
  • Launch Azure AD Connect.
  • Navigate to customize synchronization options.
  • Provide your Global Administrator credentials and select ‘Device Writeback’.1
  • As soon as you click ‘Group Writeback’ a new option will appear in navigation tree.2.PNG
  • Select OU created to host Office 365 groups. Here I selected ‘Office365Groups’ OU.3.png
  • Click configure and check mark ‘synchronization’.4.PNG
  • It will now created objects in the OU, Also please monitor synchronization service. because that might throw error if service account doesn’t have sufficient permission to create objects in OU.
  • New objects will look like below and please run command (update-recipient) against them to show them in Exchange GAL.

8.png

Please read article for more information :

https://docs.microsoft.com/en-us/exchange/hybrid-deployment/set-up-office-365-groups

Thank you for reading !

Advertisements