Microsoft Teams sync to on-premise AD


Hi all,

So here's the situation.

When you create a Team, a whole load of other resources are also created, such as SharePoint, a mailbox and a group object that's used to handle emails. The group object is actually a Unified Group, so somewhat different to your standard email-enabled groups. Now, because we are in hybrid, we have mailboxes both in cloud and on-premise. What we need to do is ensure that when a Teams email goes out, all those recipients are able to respond to the email, including external recipients. To make this happen we need to sync the Unified Teams group to on-premise AD, which we thought we could do by way of Azure AD Connect. Well, sure enough, having configured group write-back we get a group object written to our AD, but unlike the sync of mail-enabled objects, the primary email address does not allow for delivery to the tenant, so you end up getting NDRs. What we need is the group written to AD having the likes of a target address which resolves to the O365 tenant address onmicrosoft.com, but that's not an attribute option for the group object that write-back creates. So, how do we get the Teams unified groups synced to on-premise so that we can route emails to the Team unified group?
