01-31-2019 01:32 PM
We have about 500 distribution groups in our on-premises Active Directory. They are synced via AD Connect.
Is there a way to make Azure AD the authoritative source without having to recreate the groups as cloud-only? Basically, cutting the ties to our on-premises AD so we can delete the groups in our local AD without it affecting them in Azure AD?
The alternative (that I'd rather not do) would be to delete them from on-premises, sync the deletion and then recreate them in the cloud. But that way we risk that our users get NDR messages until they delete their Outlook cache, which is quite a problem with 700 users.
01-31-2019 02:08 PM
I know that script, but that's exactly what I'm trying to avoid.
01-31-2019 11:17 PM
The only way to make Azure AD the SOA is to disable DirSync. With user objects we have some other options/workarounds, but for groups we cannot play with the anchor/immutableID.
02-08-2019 11:50 PM