Commit a94a035

Author: PRMerger6
Merge pull request #24637 from cychua/patch-5
Remove incorrect info about groups/contacts
2 parents e340e0b + 4414898 commit a94a035

1 file changed: +1 -1 lines changed

articles/active-directory/connect/active-directory-aadconnect-existing-tenant.md

Lines changed: 1 addition & 1 deletion
@@ -48,7 +48,7 @@ If you matched your objects with a soft-match, then the **sourceAnchor** is adde
4848
For a new installation of Connect, there is no practical difference between a soft- and a hard-match. The difference is in a disaster recovery situation. If you have lost your server with Azure AD Connect, you can reinstall a new instance without losing any data. An object with a sourceAnchor is sent to Connect during initial install. The match can then be evaluated by the client (Azure AD Connect), which is a lot faster than doing the same in Azure AD. A hard match is evaluated both by Connect and by Azure AD. A soft match is only evaluated by Azure AD.
4949

5050
### Other objects than users
51-
Users usually have both userPrincipalName and proxyAddresses, making the match easy. But other objects, such as security groups, do not have those. In this case, you can only match on a hard match using the sourceAnchor. The sourceAnchor is always the Base64 converted **objectGUID** on-premises, so you must update the value in Azure AD when you need two objects to match. The sourceAnchor/immutableID can only be updated with PowerShell and not through the portals.
51+
For mail-enabled groups and contacts, you can soft-match based on proxyAddresses. Hard-match is not applicable since you can only update the sourceAnchor/immutableID (using PowerShell) on Users only. For groups that aren't mail-enabled, there is currently no support for soft-match or hard-match.
5252

5353
## Create a new on-premises Active Directory from data in Azure AD
5454
Some customers start with a cloud-only solution with Azure AD and they do not have an on-premises AD. Later they want to consume on-premises resources and want to build an on-premises AD based on Azure AD data. Azure AD Connect cannot help you for this scenario. It does not create users on-premises and it does not have any ability to set the password on-premises to the same as in Azure AD.
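Review bot: the added line 51 ends by saying that groups that aren't mail-enabled have "no support for soft-match or hard-match", but it does not tell the reader what to expect or do for such groups when connecting to an existing tenant; a sentence on the outcome, or a pointer to where that is covered, would close the gap. In the same line, "you can only update the sourceAnchor/immutableID (using PowerShell) on Users only" doubles "only" and capitalises "Users" unlike the heading and the rest of the section; consider "since the sourceAnchor/immutableID can be updated (using PowerShell) on users only". The removed line also carried the statement that the sourceAnchor is the Base64-converted **objectGUID** from on-premises, which still applies to the user hard-match case described in the paragraph above; if the article does not state that elsewhere, keep that sentence.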
