Hi,
When I create an Office 365 Group and then sync down to Active Directory, the CN is gibberish. We are in a Hybrid environment with AD Connect. For example, if the name of the O365 group is "Group ABC", in Active Directory it will appear as "$I5P0-0AT59AAAAA" or "Group_abc1230000"
What should I do so that when it syncs to Active Directory, the CN will be the name I gave in Office 365? Do I have to manually rename each group or is there something I have to do during group creation?
Hi @EE-9037,
I understand that you are using Group Writeback from Office 365 to Active Directory and seeing the groups appear as GUIDs.
This is expected behavior because Azure AD Connect group writeback writes back the GUIDs and the membership but not the group names from Office 365.
If you check your group membership via the your tenant's admin panel rather than directly in Active Directory Users and Computers, you should see the names rather than the GUIDs.
If you want to re-name the on-premises groups, you will have to do this directly from Active Directory. It is basically a manual process since the names do not directly sync back. To re-name the groups in bulk, you can set the properties using the Set-ADGroup cmdlet.
Example 1:
Get-ADGroup $OldName | Set-ADGroup -Replace @{SamAccountName=$newAccountName; proxyAddresses=$newProxyAddresses; mail=$newmail }
$Groups = Import-Csv "RenameGroups.csv"
foreach ($Group in $Groups)
{
$TempOldName = $Group.OldName
$TempNewName = $Group.NewName
$TempGroup = Get-ADGroup $Group.OldName
try
{
"In try: working on $TempOldName"
Set-ADGroup -Identity $TempGroup -SamAccountName $TempNewName
Rename-ADObject -Identity $TempGroup -NewName $TempNewName
Write-Output ($TempOldName + " has been renamed to " + $TempNewName)
}
catch
{
"in Catch for $TempOldName"
Write-Output "Error: $_"
}
Additional reading:
AD Group Shows Numbers/Letters
3 people are following this question.
