Need deletion of Hybrid AD Distribution Group "All Users", ObjectId: 2cdb1ce2-876e-4054-b107-0a2c7f0e536c

Stéphane Rousseau 0 Reputation points
2025-05-21T13:09:40.0433333+00:00

We have deleted this group in our local AD but it remains in Azure Entra.
We need the Distribution Group Deleted in Entra.

Exchange | Hybrid management

2 answers

  1. Vasil Michev 119.8K Reputation points MVP Volunteer Moderator
    2025-05-22T07:03:42.7+00:00

    Are you getting any sync errors? Have you checked whether the deleted group is still visible in the metaverse? Here's an article describing the troubleshooting steps you can follow: https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/tshoot-connect-object-not-syncing#connector-space-object-properties

    As a workaround, you can delete the group directly in the cloud via PowerShell or the Graph API (or the Entra portal).

    1 person found this answer helpful.

  2. Jinnie Nguyen 310 Reputation points Independent Advisor
    2025-05-26T06:54:43.9966667+00:00

    Hello Stéphane Rousseau,

    This is a hybrid identity synchronization issue, and the group is likely still recognized as a synced object by Azure AD Connect. Here's how to proceed:

    1. Check for Sync Errors:

    2. Verify Deletion in Local AD

    • Search for the group using its ObjectId or Distinguished Name (DN) in your on-premises Active Directory.
    • Ensure it is fully deleted and not lingering in the Deleted Objects container.

    3. Force a Full Sync Cycle

    If the group is confirmed deleted in local AD:

    • Run the following PowerShell commands on the server with Azure AD Connect:

    PowerShell:

    Start-ADSyncSyncCycle -PolicyType Initial

    This will trigger a full sync, including deletions.

    4. Do Not Manually Delete in Entra ID

    Manually deleting a hybrid-synced object in Microsoft Entra ID is not supported and will not work.

    Azure will continue to treat it as a synced object and may reintroduce it or throw errors.

    5. If You See [UNUSUALACTIVITY]

    If the group is flagged with [UNUSUALACTIVITY], this may indicate a security concern or compromise.

    In that case, escalate to the Microsoft Security or Identity Protection team by opening a support ticket.


    If I have answered your question, please accept this as answer as a token of appreciation and don't forget to thumbs up for "Was it helpful"!

    Best regards,
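
The checks discussed in the answers above, combined into one diagnostic script. This is an added example, not part of either answer and not Microsoft's own code. It assumes it runs on the Entra Connect server with the ActiveDirectory (RSAT) and ADSync modules available and the Microsoft.Graph.Groups module installed; the group name and ObjectId are taken from the question title.

```powershell
# Added example: values below come from the question; adjust for your environment.
$GroupName     = 'All Users'
$EntraObjectId = '2cdb1ce2-876e-4054-b107-0a2c7f0e536c'

Import-Module ActiveDirectory, ADSync -ErrorAction Stop

# 1. Is a live copy of the group still present in on-premises AD?
$live = Get-ADGroup -Filter "Name -eq '$GroupName'"
if ($live) {
    Write-Warning "Group still exists on-premises: $($live.DistinguishedName)"
    return
}

# 2. Is it in the Deleted Objects container? (deleted names keep the original prefix)
Get-ADObject -IncludeDeletedObjects `
    -LDAPFilter "(&(isDeleted=TRUE)(objectClass=group)(name=$GroupName*))" `
    -Properties whenChanged, lastKnownParent |
    Format-List Name, ObjectGUID, whenChanged, lastKnownParent

# 3. A server in staging mode, or with the scheduler disabled, exports nothing,
#    so the deletion never reaches Entra ID no matter how often a cycle runs.
$sched = Get-ADSyncScheduler
if ($sched.StagingModeEnabled -or -not $sched.SyncCycleEnabled) {
    Write-Warning ("Deletions will not be exported: StagingModeEnabled={0}, SyncCycleEnabled={1}" -f `
        $sched.StagingModeEnabled, $sched.SyncCycleEnabled)
    return
}
if ($sched.SyncCycleInProgress) {
    Write-Warning 'A sync cycle is already running; retry when it has finished.'
    return
}

# 4. Trigger the cycle named in the answer above (it runs asynchronously).
Start-ADSyncSyncCycle -PolicyType Initial

# 5. After the cycle completes: read-only check of what Entra ID still holds.
Connect-MgGraph -Scopes 'Group.Read.All' -NoWelcome
try {
    Get-MgGroup -GroupId $EntraObjectId `
        -Property 'id,displayName,onPremisesSyncEnabled,onPremisesLastSyncDateTime' -ErrorAction Stop |
        Format-List Id, DisplayName, OnPremisesSyncEnabled, OnPremisesLastSyncDateTime
} catch {
    Write-Output "Group $EntraObjectId was not returned by Graph: $($_.Exception.Message)"
}
```

If the group is still returned in step 5, the OnPremisesSyncEnabled and OnPremisesLastSyncDateTime values show whether Entra ID still treats it as a synced object and when it was last updated from on-premises.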
