This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 57.99999999999999%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPB%3C/text%3E%3C/svg%3E)
Hello, I have installed AAD connect 2.2.8 and enabled group write back, it is configured to only create write back enabled groups to our local AD. I have set to not write back new groups.
it syncs ok, but every group is created. I delete a group from the local AD OU and it syncs it back again.
what am I doing wrong?
Can you share the synchronization logs?
I wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
Seems to me that if you migrate group sync to Entra Cloud sync, you can prevent 365 group writeback:
As our groups are Microsoft 365 groups I don't think this applies?
Supported groups
For this scenario, only the following is supported:
Ok, you want to writeback 365 groups. Gotcha, I was thinking you didnt.
yes but only those that I choose
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Thank you for posting this in Microsoft Q&A.
As I understand you have upgraded to AD connect (Microsoft Entra Connect) version 2.2.8 and group writeback is enabled.
But with this feature enabled all groups are getting written back to on-premises AD even though you have set groups not to write back.
This is a default behavior in group writeback V2.
When you're enabling group writeback, you'll experience the following default behavior:
Changes made to these groups in Microsoft Entra ID won't be written back until the groups are re-enabled for writeback or restored from a soft-delete state. This requirement helps protect the Active Directory groups from accidental deletion, if they're unintentionally disabled for writeback or soft deleted in Microsoft Entra ID.
In above explanation you can see the first point due to which you are seeing this behavior.
It is mentioned in our public article as well.
But you can change this default behavior by following steps in below article,
You will have to use PowerShell to make these changes.
Let me know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
I have set the new groups behaviour to be false.
FYI :
I don't know where my previous reply went, apologies if this is a repeat:
FYI:
(I have tested this with both set as $true but we get the same sync all behaviour)
To clarify I am trying to get only groups synced that I manually set as 'Writeback enabled' but they are all currently syncing to the local AD OU.
Looking at your last comment Sandeep, does this mean there is no way to prevent writeback of every group if they're 365 groups?
"This is a default behavior in group writeback V2. When you're enabling group writeback, you'll experience the following default behavior:
Yes, this is a default behavior where All existing Microsoft 365 groups will automatically be written back to Active Directory
But you can change this default behavior by following steps in below article,
Let me know if you have made changes using steps in above article
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread.