Jan 31 2019 01:32 PM - last edited on Jan 14 2022 03:58 PM by TechCommunityAP
We have about 500 distribution groups in our on-premise Active Directory. They are synced via AD Connect.
Is there a way to make AzureAD the authoritative source, without having to recreate the groups in the cloud only? Basically cutting the ties to our on-premise AD, so we can delete the groups in our local AD without it affecting them in AzureAD?
The alternative (that I'd rather not do) would be to delete them from on-premise, sync the deletion and then recreate them in the cloud. But that way we risk that our users get NDR messages until they delete their Outlook cache, which is quite a problem with 700 users.
Jan 31 2019 02:08 PM
I know that script, but that's exactly what I'm trying to avoid.
Jan 31 2019 11:17 PM
The only way to make Azure AD the SOA is to disable DirSync. With user objects we have some other options/workarounds, but for groups we cannot play with the anchor/immutableID.
Feb 08 2019 11:50 PM
Mar 09 2020 02:14 AM
Has anyone actually tried this? I'm wondering if the members of the groups are replicated as well or is it just the distribution group?