Hello Stéphane Rousseau,
This is a hybrid identity synchronization issue, and the group is likely still recognized as a synced object by Azure AD Connect. Here's how to proceed:
1. Check for Sync Errors:
2. Verify Deletion in Local AD
- Search for the group using its ObjectId or Distinguished Name (DN) in your on-premises Active Directory.
- Ensure it is fully deleted and not lingering in the Deleted Objects container.
3. Force a Full Sync Cycle
If the group is confirmed deleted in local AD:
- Run the following PowerShell commands on the server with Azure AD Connect:
```powershell
Start-ADSyncSyncCycle -PolicyType Initial
```
This will trigger a full sync, including deletions.
4. Do Not Manually Delete in Entra ID
Manually deleting a hybrid-synced object in Microsoft Entra ID is not supported and will not work.
Azure will continue to treat it as a synced object and may reintroduce it or throw errors.
5. If You See [UNUSUALACTIVITY]
If the group is flagged with [UNUSUALACTIVITY], this may indicate a security concern or compromise.
In that case, escalate to the Microsoft Security or Identity Protection team by opening a support ticket.
If I have answered your question, please accept this as the answer as a token of appreciation, and don't forget to give a thumbs up for "Was it helpful"!
Best regards,
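
Steps 2 and 3 of the answer above combined into one script, as an added example that is not part of the original answer. It assumes the ActiveDirectory (RSAT) and ADSync modules are both available on the Azure AD Connect server; the GUID is a constructed placeholder for the group's on-premises objectGUID, and `Get-GroupDeletionState` is a hypothetical helper name.

```powershell
#Requires -Modules ActiveDirectory, ADSync
param(
    # Constructed placeholder: replace with the on-premises objectGUID of the group
    [guid]$GroupGuid = '00000000-0000-0000-0000-000000000000'
)

# Hypothetical helper: classify the group as Live, InDeletedObjects or NotFound
function Get-GroupDeletionState {
    param([guid]$Guid)
    # -IncludeDeletedObjects extends the search to the Deleted Objects container
    $obj = Get-ADObject -Filter "objectGUID -eq '$Guid'" -IncludeDeletedObjects `
        -Properties isDeleted, lastKnownParent, whenChanged
    $state = if (-not $obj) { 'NotFound' }
             elseif ($obj.isDeleted) { 'InDeletedObjects' }
             else { 'Live' }
    [pscustomobject]@{ State = $state; Object = $obj }
}

$result = Get-GroupDeletionState -Guid $GroupGuid

switch ($result.State) {
    'Live' {
        Write-Warning "Group still exists on-premises: $($result.Object.DistinguishedName)"
        return   # step 3 only applies once the group is confirmed deleted
    }
    'InDeletedObjects' {
        Write-Warning ("Group is in Deleted Objects (last parent: {0}, changed: {1})" -f `
            $result.Object.lastKnownParent, $result.Object.whenChanged)
        return   # the answer asks for this case to be resolved before syncing
    }
}

# Do not start a cycle on top of one that is already running
$scheduler = Get-ADSyncScheduler
if ($scheduler.SyncCycleInProgress) {
    Write-Warning 'A sync cycle is already in progress; retry when it has finished.'
    return
}

Write-Output "Group $GroupGuid not found in local AD; starting a full sync cycle."
Start-ADSyncSyncCycle -PolicyType Initial
```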