You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/hybrid/how-to-connect-group-writeback-v2.md
+8-4Lines changed: 8 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -123,10 +123,14 @@ Microsoft provides support for this public preview release, but it might not be
123
123
124
124
These limitations and known issues are specific to group writeback:
125
125
126
-
- Cloud [distribution list groups](/exchange/recipients-in-exchange-online/manage-distribution-groups/manage-distribution-groups) created in Exchange Online can't be written back to Active Directory. Only Microsoft 365 and Azure AD security groups are supported.
127
-
- When you enable group writeback, all existing Microsoft 365 groups are written back and created as distribution groups by default. This behavior is for backward compatibility with the current version of group writeback. You can modify this behavior by following the steps in [Modify Azure AD Connect group writeback default behavior](how-to-connect-modify-group-writeback.md).
128
-
- When you disable writeback for a group, the group won't automatically be removed from your on-premises Active Directory instance until you hard delete it in Azure AD. You can modify this behavior by following the steps in [Modify Azure AD Connect group writeback default behavior](how-to-connect-modify-group-writeback.md).
129
-
- Group writeback does not support writeback of nested group members that have a scope of **Domain local** in Active Directory, because Azure AD security groups are written back with a scope of **Universal**.
126
+
- Cloud [distribution list groups](https://docs.microsoft.com/exchange/recipients-in-exchange-online/manage-distribution-groups/manage-distribution-groups) created in Exchange Online cannot be written back to AD, only Microsoft 365 and Azure AD security groups are supported.
127
+
- To be backwards compatible with the current version of group writeback, when you enable group writeback, all existing Microsoft 365 groups are written back and created as distribution groups, by default.
128
+
- When you disable writeback for a group, the group won't automatically be removed from your on-premises Active Directory, until hard deleted in Azure AD. This behavior can be modified by following the steps detailed in [Modifying group writeback](how-to-connect-modify-group-writeback.md)
129
+
- Group Writeback does not support writeback of nested group members that have a scope of ‘Domain local’ in AD, since Azure AD security groups are written back with scope ‘Universal’. If you have a nested group like this, you'll see an export error in Azure AD Connect with the message “A universal group cannot have a local group as a member.” The resolution is to remove the member with scope ‘Domain local’ from the Azure AD group or update the nested group member scope in AD to ‘Global’ or ‘Universal’ group.
130
+
- Group Writeback only supports writing back groups to a single Organization Unit (OU). Once the feature is enabled, you cannot change the OU you selected. A workaround is to disable group writeback entirely in Azure AD Connect and then select a different OU when you re-enable the feature.
131
+
- Nested cloud groups that are members of writeback enabled groups must also be enabled for writeback to remain nested in AD.
132
+
- Group Writeback setting to manage new security group writeback at scale is not yet available. You will need to configure writeback for each group.
133
+
130
134
131
135
If you have a nested group like this, you'll see an export error in Azure AD Connect with the message "A universal group cannot have a local group as a member." The resolution is to remove the member with the **Domain local** scope from the Azure AD group, or update the nested group member scope in Active Directory to **Global** or **Universal**.
132
136
- Group writeback supports writing back groups to only a single organizational unit (OU). After the feature is enabled, you can't change the OU that you selected. A workaround is to disable group writeback entirely in Azure AD Connect and then select a different OU when you re-enable the feature.
0 commit comments