Re-create the link of on-prem AD group to EntraId object using graph APIs

Anonymous
2024-09-25T17:38:52.3933333+00:00

Hello everyone,

I am trying to recreate an EntraId group object (if for some reason the group was deleted on the EntraID side) which was created with Cloud Sync from on-prem AD.

Is there an API which would enable the "sync link" recreation also during group creation (or some API which can be called later to add the link with/to the on-prem object), similar to how it can be done for user objects by setting the "onPremisesImmutableId" parameter?

From the provisioning logs it can be seen that the group also has a property similar to the users' "onPremisesImmutableId", named for groups "OnPremisesObjectIdentifier" - can this identifier be set for groups somehow, and would this help to recover the link to the on-prem object?

Any advice would be appreciated. Thanks,

Klemen

Microsoft Security | Microsoft Graph
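An added check, not code from the question, the answer or Microsoft: it reads the read-only on-premises properties that the v1.0 group resource exposes (onPremisesSyncEnabled, onPremisesSecurityIdentifier, onPremisesSamAccountName, onPremisesDomainName, onPremisesLastSyncDateTime) to tell a group the sync engine re-created from one re-created by hand in the portal, and, for the user comparison made in the question, converts an AD objectGUID to the base64 form that Entra Connect writes to onPremisesImmutableId. The group id and bearer token are placeholders, and the sample group responses are constructed, not real tenant data.

```python
"""Inspect the on-premises sync link Microsoft Graph exposes on a group,
and derive the onPremisesImmutableId value used for users.

Added example; not code from the question, the answer, or Microsoft.
The group id and the bearer token are placeholders you supply."""
import base64
import json
import urllib.request
import uuid
from dataclasses import dataclass

GRAPH = "https://graph.microsoft.com/v1.0"
# Read-only sync properties of the v1.0 group resource.
SYNC_PROPS = (
    "id", "displayName", "onPremisesSyncEnabled",
    "onPremisesSecurityIdentifier", "onPremisesSamAccountName",
    "onPremisesDomainName", "onPremisesLastSyncDateTime",
)


@dataclass
class LinkState:
    linked: bool
    reason: str


def assess_link(group: dict) -> LinkState:
    """Classify a group JSON object as synced-from-on-prem or not.

    A group deleted in Entra ID and re-created by hand shows up here as
    cloud-only; one re-created by the sync engine carries the on-prem SID
    and onPremisesSyncEnabled=true again."""
    sync_enabled = group.get("onPremisesSyncEnabled")
    sid = group.get("onPremisesSecurityIdentifier")
    if sync_enabled and sid:
        return LinkState(True, f"synced from {group.get('onPremisesDomainName')}, "
                               f"last sync {group.get('onPremisesLastSyncDateTime')}")
    if sid and not sync_enabled:
        return LinkState(False, "on-prem SID present but sync disabled: object "
                                "left sync scope and is now cloud-managed")
    return LinkState(False, "cloud-only: no on-premises identifiers on the object")


def fetch_group(group_id: str, token: str) -> dict:
    """GET /groups/{id} selecting only the sync-related properties
    (needs an access token with Group.Read.All)."""
    url = f"{GRAPH}/groups/{group_id}?$select={','.join(SYNC_PROPS)}"
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def immutable_id_from_object_guid(object_guid: str) -> str:
    """Base64 of the AD objectGUID in .NET Guid.ToByteArray() byte order,
    which is the value Entra Connect writes to onPremisesImmutableId."""
    return base64.b64encode(uuid.UUID(object_guid).bytes_le).decode("ascii")


def object_guid_from_immutable_id(immutable_id: str) -> str:
    """Reverse of immutable_id_from_object_guid, for checking a user's value
    against the objectGUID of the on-prem account it should match."""
    return str(uuid.UUID(bytes_le=base64.b64decode(immutable_id)))


def user_immutable_id_patch(immutable_id: str) -> dict:
    """Body for PATCH /users/{id} that sets the hard-match anchor on a
    cloud-only user. The group resource has no writable counterpart."""
    return {"onPremisesImmutableId": immutable_id}


# Constructed sample responses (not real tenant data) for offline use.
SYNCED_GROUP = {
    "id": "00000000-0000-0000-0000-000000000001",
    "displayName": "HR-Readers",
    "onPremisesSyncEnabled": True,
    "onPremisesSecurityIdentifier": "S-1-5-21-1111111111-2222222222-3333333333-1105",
    "onPremisesSamAccountName": "HR-Readers",
    "onPremisesDomainName": "corp.example.com",
    "onPremisesLastSyncDateTime": "2024-09-25T10:00:00Z",
}
RECREATED_BY_HAND = {
    "id": "00000000-0000-0000-0000-000000000002",
    "displayName": "HR-Readers",
    "onPremisesSyncEnabled": None,
    "onPremisesSecurityIdentifier": None,
    "onPremisesSamAccountName": None,
    "onPremisesDomainName": None,
    "onPremisesLastSyncDateTime": None,
}

if __name__ == "__main__":
    for g in (SYNCED_GROUP, RECREATED_BY_HAND):
        state = assess_link(g)
        print(f"{g['displayName']} ({g['id']}): linked={state.linked}; {state.reason}")
    # Live check: fetch_group("<group-id>", "<bearer-token>") and pass the result to assess_link.
    print(immutable_id_from_object_guid("00000000-0000-0000-0000-000000000000"))
```

The useful signal after a resync is the pair onPremisesSyncEnabled plus onPremisesSecurityIdentifier: a manually re-created group in the portal never gets either, so the sync engine treats it as a separate cloud object and the on-prem group is provisioned again under a new id, which is why the answer points at letting the next sync cycle re-create it rather than patching the link.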

1 answer

  1. Carolyne-3676 956 Reputation points
    2025-02-18T07:20:33.9666667+00:00

    The Microsoft Graph API does not provide a functionality to link an Azure AD Group to an on-premises AD Group directly.
    The usual process of linking Azure AD groups to on-premises AD groups involves Azure AD Connect and it can't be achieved directly through the API. If the group was deleted on the Azure side, it should be recreated on the next sync from on-premises AD via Azure AD Connect.
    Please refer to these docs on preventing accidental deletion and customizing synchronization for guidance on how syncing works.

    https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-sync-feature-prevent-accidental-deletes

    https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-sync-whatis

