Forum Discussion
JCRNPat
Nov 13, 2024 | Copper Contributor
Group writeback doesn't sync back to Entra
Hi all. Can't find documentation on this, if this should actually work or not. I enabled group writeback, which works fine. Now if I add a user to one of those groups in local Active Directory and ...
SantoshSb
Nov 28, 2024 | Copper Contributor
Hi JCRNPat,
The currently supported method for achieving group writeback functionality is Entra Cloud Sync.
- Entra Cloud Sync supports the group writeback feature, which writes security groups that are in writeback scope from Entra ID back to a designated Organizational Unit (OU) in the on-premises Active Directory. There are a few limitations with the group writeback feature as well that you should be aware of; refer to Microsoft’s documentation: https://learn.microsoft.com/en-us/azure/active-directory/cloud-sync/
Why Membership Doesn’t Sync as Expected:
- Even with group writeback enabled via Cloud Sync, group membership changes made locally in on-premises AD will not automatically sync back to Entra ID if the group originated in the cloud.
- Memberships for writeback-enabled groups should always be managed in Entra ID for consistent synchronization and conflict avoidance.
Recommended Action:
- If you’re currently using Entra ID Connect for group writeback, it’s necessary to transition to Entra Cloud Sync to enable this feature.
- Ensure that group membership is managed in the correct system:
  - For groups originating in Entra ID, manage membership in the cloud.
  - For groups originating in AD, manage membership locally.
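
An audit of the rule described in the reply above, as an added example that is not part of the original post: it compares membership exports from both directories and flags members that exist only in the non-authoritative copy of a group. The group names, users and the choice of UPN as the matching key are constructed assumptions; `onPremisesSyncEnabled` is the Microsoft Graph group property that is true for groups synced from on-premises AD and null for groups created in Entra ID.

```python
# Added example: constructed data, not output from a real tenant.
# Assumption: members are compared by UPN; use any identifier that is
# identical in both exports.

def source_of_authority(group):
    """Return where membership must be managed for this group.

    Microsoft Graph sets onPremisesSyncEnabled to true on groups synced from
    on-premises AD; it is null on groups created in Entra ID.
    """
    return "AD" if group.get("onPremisesSyncEnabled") is True else "Entra ID"


def audit_group(group, entra_members, ad_members):
    """Compare both membership exports for one group and classify drift."""
    entra = {m.strip().lower() for m in entra_members}
    ad = {m.strip().lower() for m in ad_members}
    authority = source_of_authority(group)
    if authority == "Entra ID":
        authoritative, copy = entra, ad
    else:
        authoritative, copy = ad, entra
    return {
        "group": group["displayName"],
        "manage_in": authority,
        # Present only in the non-authoritative copy: changed in the wrong
        # system, so the change does not sync to the other directory.
        "out_of_band": sorted(copy - authoritative),
        # Present only in the authoritative directory: not (yet) in the copy.
        "not_propagated": sorted(authoritative - copy),
    }


# Constructed sample: one cloud-origin group written back to AD, one AD group.
GROUPS = [
    ({"displayName": "App-Finance-Readers", "onPremisesSyncEnabled": None},
     ["alice@contoso.example", "bob@contoso.example"],           # Entra ID
     ["Alice@contoso.example", "bob@contoso.example",
      "mallory@contoso.example"]),                               # AD copy
    ({"displayName": "FileShare-HR", "onPremisesSyncEnabled": True},
     ["carol@contoso.example"],                                  # Entra ID
     ["carol@contoso.example", "dave@contoso.example"]),         # AD
]

def run_audit(groups=GROUPS):
    return [audit_group(g, e, a) for g, e, a in groups]

if __name__ == "__main__":
    for row in run_audit():
        print(row)
```

An `out_of_band` entry on a group managed in Entra ID is the situation from the original question: access granted in local AD that the cloud directory does not reflect.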