Merge pull request #211252 from ShawnJackson/four-how-to-connect-articles

edit pass: Four how-to-connect articles

Author: itechedit

articles/active-directory/hybrid/how-to-connect-group-writeback-disable.md

@@ -1,6 +1,6 @@
 ---
 title: 'Disable group writeback in Azure AD Connect'
-description: This article describes how to disable Group Writeback in Azure AD Connect. 
+description: This article describes how to disable group writeback in Azure AD Connect by using the wizard and PowerShell. 
 services: active-directory
 author: billmath
 manager: amycolannino
@@ -14,48 +14,47 @@ ms.author: billmath
 ms.collection: M365-identity-device-management
 ---
 
-# Disabling group writeback 
-The following document will walk you thorough disabling group writeback. To disable group writeback for your organization, use the following steps: 
+# Disable group writeback 
+This article walks you through disabling group writeback in Azure Active Directory (Azure AD) Connect. 
 
-1. Launch the Azure Active Directory Connect wizard and navigate to the Additional Tasks page. Select the Customize synchronization options task and click next. 
-2. On the Optional Features page, uncheck group writeback. You'll receive a warning letting you know that groups will be deleted. Click Yes. 
- >[!Important] 
- >Disabling Group Writeback will cause any groups that were previously created by this feature to be deleted from your local Active Directory on the next synchronization cycle. 
-
-3. Uncheck the box 
-4. Click Next. 
-5. Click Configure. 
+## Disable group writeback by using the wizard
 
+1. Open the Azure AD Connect wizard and go to the **Additional Tasks** page. Select the **Customize synchronization options task**, and then select **Next**. 
+2. On the **Optional Features** page, clear the checkbox for group writeback. In the warning that groups will be deleted, select **Yes**. 
+ 
+   > [!IMPORTANT] 
+   > Disabling group writeback sets the flags for full import and full synchronization in Active Directory Connect to `true`. It will cause any groups that were previously created by this feature to be deleted from your local Active Directory instance in the next synchronization cycle. 
 
->[!Note] 
->Disabling Group Writeback will set the Full Import and Full Synchronization flags to 'true' on the Azure Active Directory Connector, causing the rule changes to propagate through on the next synchronization cycle, deleting the groups that were previously written back to your Active Directory. 
+3. Select **Next**. 
+4. Select **Configure**. 
 
- 
 
-## Rolling back group writeback 
+## Disable or roll back group writeback via PowerShell 
 
-To disable or roll back group writeback via PowerShell, do the following: 
+1. Open a PowerShell prompt as an administrator. 
+2. Disable the sync scheduler after verifying that no synchronization operations are running:
 
-1. Open a PowerShell prompt as administrator. 
-2. Disable the sync scheduler after verifying that no synchronization operations are running: 
-``` PowerShell 
- Set-ADSyncScheduler -SyncCycleEnabled $false  
- ``` 
+   ``` PowerShell 
+   Set-ADSyncScheduler -SyncCycleEnabled $false  
+   ``` 
 3. Import the ADSync module: 
- ``` PowerShell 
- Import-Module  'C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1' 
- ``` 
+
+   ``` PowerShell 
+   Import-Module  'C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1' 
+   ``` 
 4. Disable the group writeback feature for the tenant: 
- ``` PowerShell 
- Set-ADSyncAADCompanyFeature -GroupWritebackV2 $false 
- ``` 
-5. Re-enable the Sync Scheduler 
- ``` PowerShell 
- Set-ADSyncScheduler -SyncCycleEnabled $true  
- ``` 
+
+   ``` PowerShell 
+   Set-ADSyncAADCompanyFeature -GroupWritebackV2 $false 
+   ``` 
+5. Re-enable the sync scheduler:
+
+   ``` PowerShell 
+   Set-ADSyncScheduler -SyncCycleEnabled $true  
+   ``` 
 
 
-## Next Steps: 
+## Next steps 
 
 - [Azure AD Connect group writeback](how-to-connect-group-writeback-v2.md) 
 - [Modify Azure AD Connect group writeback default behavior](how-to-connect-modify-group-writeback.md) 

articles/active-directory/hybrid/how-to-connect-group-writeback-enable.md

@@ -1,6 +1,6 @@
 ---
 title: 'Enable Azure AD Connect group writeback'
-description: This article describes how to enable Group Writeback in Azure AD Connect. 
+description: This article describes how to enable group writeback in Azure AD Connect by using PowerShell and a wizard. 
 services: active-directory
 author: billmath
 manager: amycolannino
@@ -16,105 +16,85 @@ ms.collection: M365-identity-device-management
 
 # Enable Azure AD Connect group writeback 
 
-Group writeback is the feature that allows you to write cloud groups back to your on-premises Active Directory using Azure AD Connect Sync. 
+Group writeback is a feature that allows you to write cloud groups back to your on-premises Active Directory instance by using Azure Active Directory (Azure AD) Connect sync. 
 
-The following document will walk you through enabling group writeback. 
+This article walks you through enabling group writeback. 
 
-## Deployment Steps 
+## Deployment steps 
 
-Group writeback requires enabling both the original and new versions of the feature. If the original version was previously enabled in your environment, you will only need to follow the first set of steps, as the second set of steps has already been completed. 
+Group writeback requires enabling both the original and new versions of the feature. If the original version was previously enabled in your environment, you need to use only the first set of the following steps, because the second set of steps has already been completed. 
 
->[!Note] 
->It is recommended that you follow the [swing migration](how-to-upgrade-previous-version.md#swing-migration) method for rolling out the new group writeback feature in your environment. This method will provide a clear contingency plan in the event that a major rollback is necessary. 
-
-  
-### Step 1 - Enable group writeback using PowerShell 
-
-1. On your Azure AD Connect server, open a PowerShell prompt as administrator. 
-2. Disable the sync scheduler after verifying that no synchronization operations are running. 
-
- ``` PowerShell 
- Set-ADSyncScheduler -SyncCycleEnabled $false  
- ``` 
-3. Import the ADSync module. 
- ``` PowerShell 
- Import-Module  'C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1' 
- ``` 
-4. Enable the group writeback feature for the tenant. 
- ``` PowerShell 
- Set-ADSyncAADCompanyFeature -GroupWritebackV2 $true 
- ``` 
-5. Re-enable the Sync Scheduler. 
- ``` PowerShell 
- Set-ADSyncScheduler -SyncCycleEnabled $true  
- ``` 
-
-### Step 2 – Enable group writeback using Azure AD Connect wizard 
-If the original version of group writeback was not previously enabled, continue with the following steps. 
-
+> [!NOTE] 
+> We recommend that you follow the [swing migration](how-to-upgrade-previous-version.md#swing-migration) method for rolling out the new group writeback feature in your environment. This method will provide a clear contingency plan if a major rollback is necessary. 
+
+### Enable group writeback by using PowerShell 
+
+1. On your Azure AD Connect server, open a PowerShell prompt as an administrator. 
+2. Disable the sync scheduler after you verify that no synchronization operations are running: 
+
+   ``` PowerShell 
+   Set-ADSyncScheduler -SyncCycleEnabled $false  
+   ``` 
+3. Import the ADSync module:
+
+   ``` PowerShell 
+   Import-Module  'C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1' 
+   ``` 
+4. Enable the group writeback feature for the tenant:
+
+   ``` PowerShell 
+   Set-ADSyncAADCompanyFeature -GroupWritebackV2 $true 
+   ``` 
+5. Re-enable the sync scheduler:
+
+   ``` PowerShell 
+   Set-ADSyncScheduler -SyncCycleEnabled $true  
+   ``` 
+
+### Enable group writeback by using the Azure AD Connect wizard 
+If the original version of group writeback was not previously enabled, continue with the following steps: 
+
+1. On your Azure AD Connect server, open the Azure AD Connect wizard.
+2. Select **Configure**, and then select **Next**. 
+3. Select **Customize synchronization options**, and then select **Next**. 
+4. On the **Connect to Azure AD** page, enter your credentials. Select **Next**. 
+5. On the **Optional features** page, verify that the options you previously configured are still selected. 
+6. Select **Group Writeback**, and then select **Next**. 
+7. On the **Writeback** page, select an Active Directory organizational unit (OU) to store objects that are synchronized from Microsoft 365 to your on-premises organization. Select **Next**. 
+8. On the **Ready to configure** page, select **Configure**. 
+9. On the **Configuration complete** page, select **Exit**. 
+
+After you finish this procedure, group writeback is configured automatically. If you experience permission issues while exporting the object to Active Directory, open Windows PowerShell as an administrator on the Azure AD Connect server. Then run the following commands. This step is optional. 
 
-
-1. On your Azure AD Connect server, open the Azure AD Connect wizard, select **Configure** and then click **Next**. 
-2. Select **Customize synchronization options** and then click **Next**. 
-3. On the **Connect to Azure AD page**, enter your credentials. Click **Next**. 
-4. On the **Optional features** page, verify that the options you previously configured are still selected. 
-5. Select **Group Writeback** and then click **Next**. 
-6. On the **Writeback page**, select an Active Directory organizational unit (OU) to store objects that are synchronized from Microsoft 365 to your on-premises organization, and then click **Next**. 
-7. On the **Ready to configure page**, click **Configure**. 
-8. When the wizard is complete, click **Exit** on the Configuration complete page. Group Writeback will be automatically configured. 
-
- >[!Note] 
- >The following is performed automatically after the last step above. However, if you experience permission issues while exporting the object to AD then do the following: 
- >  
- >Open the Windows PowerShell as an Administrator on the Azure Active Directory Connect server, and run the following commands. This step is optional 
- > 
- >``` PowerShell 
- >$AzureADConnectSWritebackAccountDN =  <MSOL_ account DN> 
- >Import-Module "C:\Program Files\Microsoft Azure Active Directory Connect\AdSyncConfig\AdSyncConfig.psm1" 
- > 
- ># To grant the <MSOL_account> permission to all domains in the forest: 
- >Set-ADSyncUnifiedGroupWritebackPermissions -ADConnectorAccountDN $AzureADConnectSWritebackAccountDN 
- > 
- ># To grant the <MSOL_account> permission to specific OU (eg. the OU chosen to writeback Office 365 Groups to): 
- >$GroupWritebackOU = <DN of OU where groups are to be written back to> 
- >Set-ADSyncUnifiedGroupWritebackPermissions –ADConnectorAccountDN $AzureADConnectSWritebackAccountDN -ADObjectDN $GroupWritebackOU 
- >``` 
-
+``` PowerShell 
+$AzureADConnectSWritebackAccountDN =  <MSOL_ account DN> 
+Import-Module "C:\Program Files\Microsoft Azure Active Directory Connect\AdSyncConfig\AdSyncConfig.psm1" 
  
+# To grant the <MSOL_account> permission to all domains in the forest: 
+Set-ADSyncUnifiedGroupWritebackPermissions -ADConnectorAccountDN $AzureADConnectSWritebackAccountDN 
+ 
+# To grant the <MSOL_account> permission to a specific OU (for example, the OU chosen to write back Office 365 groups to): 
+$GroupWritebackOU = <DN of OU where groups are to be written back to> 
+Set-ADSyncUnifiedGroupWritebackPermissions –ADConnectorAccountDN $AzureADConnectSWritebackAccountDN -ADObjectDN $GroupWritebackOU 
+``` 
 
 ## Optional configuration 
 
-To make it easier to find groups being written back from Azure AD to Active Directory, there's an option to write back the group distinguished name with the cloud display name. 
+To make it easier to find groups being written back from Azure AD to Active Directory, there's an option to write back the group distinguished name by using the cloud display name: 
 
 - Default format: 
-CN=Group_3a5c3221-c465-48c0-95b8-e9305786a271, OU=WritebackContainer, DC=domain, DC=com  
+`CN=Group_3a5c3221-c465-48c0-95b8-e9305786a271, OU=WritebackContainer, DC=domain, DC=com`  
 
-- New Format: 
-CN=Administrators_e9305786a271, OU=WritebackContainer, DC=domain, DC=com  
+- New format: 
+`CN=Administrators_e9305786a271, OU=WritebackContainer, DC=domain, DC=com`  
 
-When configuring group writeback, there will be a checkbox at the bottom of the Group Writeback configuration window. Select the box to enable this feature. 
+When you're configuring group writeback, a checkbox appears at the bottom of the configuration window. Select it to enable this feature. 
 
->[!NOTE]
->Groups being written back from Azure AD to AD will have a source of authority of the cloud. This means any changes made on-premises to groups that are written back from Azure AD will be overwritten on the next sync cycle. 
+> [!NOTE]
+> Groups being written back from Azure AD to Active Directory will have a source of authority in the cloud. Any changes made on-premises to groups that are written back from Azure AD will be overwritten in the next sync cycle. 
 
-## Next steps: 
+## Next steps 
 
 - [Azure AD Connect group writeback](how-to-connect-group-writeback-v2.md) 
 - [Modify Azure AD Connect group writeback default behavior](how-to-connect-modify-group-writeback.md) 
 - [Disable Azure AD Connect group writeback](how-to-connect-group-writeback-disable.md) 
-
- 
-
- 
-
- 
-
- 
-
- 
-
- 
-
- 
-
-