Group writeback destination OU

    Question

  • I ran into an issue with group writeback. My predecessor enabled group writeback and set the destination to the root when he first configured AD Connect and then immediately disabled group writeback. We want to enable group writeback again, but I am unable to change the destination OU; all groups are created in the root.

    I've tried the AAD Connect GUI, but the option to select a destination OU is greyed out. I've disabled and re-enabled group writeback, but the option is still greyed out. I've also upgraded AAD Connect to the most recent version, but I was unable to change it in that version as well.

    Initialize-ADSyncGroupWriteback with the new destination OU gives a "Configuration Complete", but does not actually change the destination OU.

    Does anyone know how I can change the destination OU?
    (I know this feature is still in Preview)

    Wednesday, April 19, 2017 9:16 AM

Answers

  • If you prefer to use the UI to configure Group writeback, you can use PSH to flush the previously configured OU:

    1. Confirm Group writeback is indeed disabled in the AADConnect wizard.
    2. Start a PowerShell session on the sync server and run the following cmdlets:
    $a = Get-ADSyncGlobalSettings
    ($a.parameters | where {$_.Name -eq "Microsoft.GroupWriteBack.Container"}).Value = ""
    $a | Set-ADSyncGlobalSettings

    If you go back to the wizard, the OU textbox should now be enabled.

    • Marked as answer by Patrick Bart Thursday, April 20, 2017 11:29 AM
    Thursday, April 20, 2017 7:53 AM
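
The reset from the answer above, with a guard and a read-back check, as an added example that is not part of the original thread. The function names `Get-WritebackContainerParam` and `Clear-WritebackContainer` are hypothetical; the cmdlets and the parameter name are the ones used in the answer, and the script assumes it runs on the sync server with group writeback disabled in the wizard.

```powershell
# Added example, not from the thread. Run on the Azure AD Connect sync server
# after confirming group writeback is disabled in the wizard (step 1 above).
Import-Module ADSync

$ParamName = 'Microsoft.GroupWriteBack.Container'   # name taken from the answer

# Hypothetical helper: return the global parameter object or fail loudly.
function Get-WritebackContainerParam {
    param($Settings)
    # Where-Object yields $null when the parameter is absent; assigning to
    # .Value on $null would fail with a less obvious error, so check first.
    $p = $Settings.Parameters | Where-Object { $_.Name -eq $ParamName }
    if (-not $p) { throw "Global setting '$ParamName' not found." }
    return $p
}

# Hypothetical helper: clear the stored destination and confirm it persisted.
function Clear-WritebackContainer {
    $settings = Get-ADSyncGlobalSettings
    $param    = Get-WritebackContainerParam -Settings $settings
    $previous = $param.Value
    Write-Host "Current destination: '$previous'"

    if ([string]::IsNullOrEmpty($previous)) {
        Write-Host 'Already empty; nothing to change.'
        return
    }

    $param.Value = ''
    $settings | Set-ADSyncGlobalSettings | Out-Null

    # Re-read the settings instead of trusting the in-memory object.
    $fresh = Get-ADSyncGlobalSettings
    $after = (Get-WritebackContainerParam -Settings $fresh).Value
    if (-not [string]::IsNullOrEmpty($after)) {
        throw "Value is still '$after'; the change was not persisted."
    }
    Write-Host "Cleared. Previous value was '$previous' (note it for rollback)."
}

Clear-WritebackContainer
```

Reading the same parameter again after reconfiguring group writeback shows which destination is actually stored, rather than relying on a "Configuration Complete" message.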

All replies

  • When you are using the Initialize-ADSyncGroupWriteback, please use the cmdlet as shown below:

    $accountName = "domain\aad_account" 
    #[this is the account that will be used by Azure AD Connect Sync to manage objects in the directory, this is an account usually in the form of AAD_number].
    $cloudGroupOU = "OU=CloudGroups,DC=contoso,DC=com"
    Initialize-ADSyncGroupWriteBack -AdConnectorAccount $accountName -GroupWriteBackContainerDN $cloudGroupOU


    Thursday, April 20, 2017 7:27 AM
    Moderator
  • That was what I was looking for, thanks
    Thursday, April 20, 2017 11:30 AM
  • After making a typo this was exactly what I needed, thanks.
    Sunday, April 15, 2018 1:17 PM