The Group Writeback feature writes Office 365 Groups back to on-premises Active Directory. This makes the groups show up in the GAL when you have a mixed set of users on-premises and in Exchange Online.
FYI, the Group Writeback feature does not include security groups or distribution groups created in Exchange Online.
Here are the steps to enable Group Writeback:
- Create an Organizational Unit on-prem to host the Office 365 Groups synced from Office 365.
- Grant the account running Azure AD Sync permission to create objects on-prem. The account name starts with ‘MSOL’; you can also find it in the AD Connect console.
- Run these commands with an account that has domain admin rights, and update the CN with your domain’s account.
$AzureADConnectSWritebackAccountDN = 'CN=MSOL_d557833993ae,CN=Users,DC=lab,DC=local'
Import-Module "C:\Program Files\Microsoft Azure Active Directory Connect\AdSyncConfig\AdSyncConfig.psm1"
Set-ADSyncUnifiedGroupWritebackPermissions -ADConnectorAccountDN $AzureADConnectSWritebackAccountDN
- I created an OU named ‘Office365Groups’.
- Launch Azure AD Connect.
- Navigate to customize synchronization options.
- Provide your Global Administrator credentials and select ‘Group Writeback’.
- As soon as you click ‘Group Writeback’, a new option will appear in the navigation tree.
- Select the OU created to host Office 365 groups. Here I selected the ‘Office365Groups’ OU.
- Click configure and check mark ‘synchronization’.
- It will now create objects in the OU. Please also monitor the synchronization service, because it might throw an error if the service account doesn’t have sufficient permission to create objects in the OU.
- New objects will look like below; run the Update-Recipient command against them to show them in the Exchange GAL.
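To confirm what the permission step granted, and where, the following added example (not part of the original post) lists the ACEs that name the MSOL_ account on the writeback OU and on the domain root. It is read-only; the OU location directly under the domain root and the helper name Get-ConnectorAce are assumptions.

```powershell
# Added example: read-only audit of ACEs that name the AD DS connector (MSOL_) account.
# Requires the ActiveDirectory module (RSAT); nothing in the directory is changed.
Import-Module ActiveDirectory

# Account DN from the steps above; replace with your own.
$AccountDN = 'CN=MSOL_d557833993ae,CN=Users,DC=lab,DC=local'
# Assumption: the Office365Groups OU sits directly under the domain root.
$OuDN      = 'OU=Office365Groups,DC=lab,DC=local'
$DomainDN  = (Get-ADDomain).DistinguishedName

# Hypothetical helper: returns one row per ACE on $ObjectDN whose trustee is $Sid.
function Get-ConnectorAce {
    param(
        [Parameter(Mandatory)] [string] $ObjectDN,
        [Parameter(Mandatory)] [System.Security.Principal.SecurityIdentifier] $Sid
    )
    $acl   = Get-Acl -Path "AD:\$ObjectDN"
    # Ask for trustees as SIDs so matching does not depend on name translation.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.IdentityReference.Value -eq $Sid.Value) {
            [pscustomobject]@{
                Object    = $ObjectDN
                Type      = $ace.AccessControlType
                Rights    = $ace.ActiveDirectoryRights
                Inherited = $ace.IsInherited
                AppliesTo = $ace.InheritanceType
                ChildType = $ace.InheritedObjectType   # all-zero GUID = any object class
            }
        }
    }
}

$sid    = (Get-ADUser -Identity $AccountDN).SID
$report = foreach ($dn in $OuDN, $DomainDN) { Get-ConnectorAce -ObjectDN $dn -Sid $sid }
$report | Format-List

# No ACE on the OU: expect permission errors from the synchronization service.
if (-not ($report | Where-Object { $_.Object -eq $OuDN })) {
    Write-Warning "No ACE names $AccountDN on $OuDN (rights may still come via a group)."
}
# Inheritable ACEs set on the domain root flow down to every child container, not only the writeback OU.
$wide = $report | Where-Object {
    $_.Object -eq $DomainDN -and -not $_.Inherited -and $_.AppliesTo -ne 'None'
}
if ($wide) {
    Write-Warning "$(@($wide).Count) inheritable ACE(s) for the account are set at the domain root; review their scope."
}
```

Run it before and after the permission step and compare the two reports to see exactly which ACEs the step added.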
Please read article for more information :
Thank you for reading !
Great guide, I followed it and now have Group Writeback working! One slight typo: Provide your Global Administrator credentials and select ‘Device Writeback’. – should be Group Writeback 🙂
Thank you for your comment, I have made the correction.
Great Guide, do we need to purchase Azure Active Directory Premium license for this feature to be enabled?
It requires Azure AD Premium P2. As you may know, even with a single Azure AD Premium you can enable this feature, but to be compliant you would have to maintain a ratio of users vs. Azure AD Premium licenses. I will post that URL tomorrow for your reference.
I am keen on seeing this as well please – cannot find too much detailed licence related information due to it being in Preview mode.
Let me explore and give the correct answer by tomorrow. I checked, but that ratio thing was for guest accounts.
You just need a single Azure AD Premium P1 to enable this feature, but to be compliant all members of an Office 365 group should have a license. Please contact your license reseller or Microsoft for more clarification. A similar thing has been mentioned for groups-lifecycle.