Jan 31 2019 - last edited on Jul 24 2020
We have about 500 distribution groups in our on-premise Active Directory. They are synced via AD Connect.
Is there a way to make AzureAD the authoritative source, without having to recreate the groups in the cloud only? Basically cutting the ties to our on-premise AD, so we can delete the groups in our local AD without it affecting them in AzureAD?
The alternative (that I'd rather not do) would be to delete them from on-premise, sync the deletion and then recreate them in the cloud. But that way we risk that our users get NDR messages until they delete their Outlook cache, which is quite a problem with 700 users.
Jan 31 2019 11:17 PM
The only way to make Azure AD the SOA is to disable DirSync. With user objects we have some other options/workarounds, but for groups we cannot play with the anchor/immutableID.
Mar 09 2020 02:14 AM
Has anyone actually tried this? I'm wondering if the members of the groups are replicated as well or is it just the distribution group?