Office 365 Group name appears with a random name in Active Directory, but correct in the cloud?

EE-9037 521 Reputation points
2022-01-20T18:14:11.593+00:00

Hi,

When I create an Office 365 Group and then sync down to Active Directory, the CN is gibberish. We are in a Hybrid environment with AD Connect. For example, if the name of the O365 group is "Group ABC", in Active Directory it will appear as "$I5P0-0AT59AAAAA" or "Group_abc1230000"

What should I do so that when it syncs to Active Directory, the CN will be the name I gave in Office 365? Do I have to manually rename each group or is there something I have to do during group creation?

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
13,553 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marilee Turscak-MSFT 22,291 Reputation points Microsoft Employee
    2022-01-21T01:49:37.173+00:00

    Hi @EE-9037 ,

    I understand that you are using Group Writeback from Office 365 to Active Directory and seeing the groups appear as GUIDs.

    This is expected behavior because Azure AD Connect group writeback writes back the GUIDs and the membership but not the group names from Office 365.

    If you check your group membership via the your tenant's admin panel rather than directly in Active Directory Users and Computers, you should see the names rather than the GUIDs.

    If you want to re-name the on-premises groups, you will have to do this directly from Active Directory. It is basically a manual process since the names do not directly sync back. To re-name the groups in bulk, you can set the properties using the Set-ADGroup cmdlet.

    Example 1:
    Get-ADGroup $OldName | Set-ADGroup -Replace @{SamAccountName=$newAccountName; proxyAddresses=$newProxyAddresses; mail=$newmail }

    Example 2: 

    $Groups = Import-Csv "RenameGroups.csv"  
  
    foreach ($Group in $Groups)  
    {  
        $TempOldName = $Group.OldName  
    	$TempNewName = $Group.NewName  
    	$TempGroup = Get-ADGroup $Group.OldName  
    	  
        try  
       {  
       		"In try: working on $TempOldName"  
            Set-ADGroup -Identity $TempGroup -SamAccountName $TempNewName  
            Rename-ADObject -Identity $TempGroup -NewName $TempNewName  
            Write-Output ($TempOldName + " has been renamed to " + $TempNewName)  
        }  
      
        catch  
        {  
    		"in Catch for $TempOldName"  
            Write-Output "Error: $_"  
        }

    Additional reading:
    AD Group Shows Numbers/Letters