Disable group writeback
Important
The public preview of Group Writeback v2 in Microsoft Entra Connect Sync will no longer be available after June 30, 2024. This feature will be discontinued on this date, and you will no longer be supported in Connect Sync to provision cloud security groups to Active Directory.
We offer similar functionality in Microsoft Entra Cloud Sync called Group Provision to Active Directory that you can use instead of Group Writeback v2 for provisioning cloud security groups to Active Directory. We're working on enhancing this functionality in Cloud Sync along with other new features that we're developing in Cloud Sync.
Customers who use this preview feature in Connect Sync should switch their configuration from Connect Sync to Cloud Sync. You can choose to move all your hybrid sync to Cloud Sync (if it supports your needs). You can also run Cloud Sync side by side and move only cloud security group provisioning to Active Directory onto Cloud Sync.
For customers who provision Microsoft 365 groups to Active Directory, you can keep using Group Writeback v1 for this capability.
You can evaluate moving exclusively to Cloud Sync by using the user synchronization wizard.
This article walks you through disabling group writeback in Microsoft Entra Connect.
Disable group writeback by using the wizard
Open the Microsoft Entra Connect wizard and go to the Additional Tasks page. Select the Customize synchronization options task, and then select Next.
On the Optional Features page, clear the checkbox for group writeback. In the warning that groups will be deleted, select Yes.
Important
Disabling group writeback sets the flags for full import and full synchronization in Active Directory Connect to
true. It will cause any groups that were previously created by this feature to be deleted from your local Active Directory instance in the next synchronization cycle.Select Next.
Select Configure.
Disable or roll back group writeback via PowerShell
Open a PowerShell prompt as an administrator.
Disable the sync scheduler after verifying that no synchronization operations are running:
Set-ADSyncScheduler -SyncCycleEnabled $falseImport the ADSync module:
Import-Module 'C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1'Disable the group writeback feature for the tenant:
Set-ADSyncAADCompanyFeature -GroupWritebackV2 $falseRe-enable the sync scheduler:
Set-ADSyncScheduler -SyncCycleEnabled $true
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for