Sync error due to deletion of licensed group

Michael Herzog 21 Reputation points
2022-09-09T05:50:12.93+00:00

Hello guys,

I deleted a licensed group from our AD that was synced to our AAD. It was licensed at the time of deletion and now I'm getting sync errors even though the group has already been deleted.

"DeletingLicensedGroupNotAllowed"

Did anyone encounter the same issue yet and has a solution for that?

Thank you a lot in advance!

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,413 questions
{count} votes

Accepted answer
  1. Harpreet Singh Matharoo 7,861 Reputation points Microsoft Employee
    2022-09-09T08:20:39.53+00:00

    Hello @Michael Herzog

    Thank you for reaching out. I assume you are getting error similar to what is show in below screenshot:

    239359-image.png

    I understand that you might have applied Group Based licenses to a group that is synchronized from On-Premises Active Directory, so that it allows you the flexibility to maintain group membership in a centralized directory and the flexibility to assign licenses without a second operation in a different directory.

    If you try to delete the Sync'd group which is licensed in Azure AD, AD Connect would fail to export changes to Azure AD to delete/remove that group, as it might impact users license assignment status. Hence would like to confirm that error you are receiving is an expected error. For more information you can also review Group Based License document - When a licensed group is deleted; which confirms that "You must remove all licenses assigned to a group before you can delete the group"

    Additionally, the Error message AD Connect Sync Service Client - "DeletingLicensedGroupNotAllowed" clearly states that a deletion is being attempted on a Sync'd Group that has Azure AD Group Based licenses applied and delete operation is not allowed. If we allow such operations all the users who are part of this group would be impacted with licenses being removed.

    To correct this condition the administrator must follow below steps:

    • Assign direct license to users who are part of the group on which you have received this error or add the user to a different Group which has same Group Based license so that they inherit licenses from that group.
    • Once step one is complete remove the licenses from the group as shown in below screenhot.

    239426-image.png

    • Once the licenses are removed from the group the next sync cycle will successfully delete the group and remove any errors associated to the from AD Sync Service Client.

    I hope this helps to resolve your query.

    ----------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    3 people found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.