Introduction

This module focuses on managing users and groups when implementing directory synchronization. You learn that after your on-premises Active Directory objects are synchronized with Microsoft 365, you can no longer manage those objects using the Microsoft 365 admin center or the Exchange Online admin center (EAC). The reason for this restriction is that the system doesn't write all synchronized attributes back to your on-premises environment.

You also learn that following directory synchronization, you must manage all group membership in your on-premises Active Directory. Directory synchronization works similarly for users and groups in Microsoft 365. The system synchronizes groups and their membership from on-premises Active Directory to Microsoft Entra ID. Similar to the user writeback feature, you learn that group writeback also writes Microsoft 365 groups from Microsoft Entra ID back to on-premises Active Directory.

This module also examines how Microsoft Entra Connect automatically creates Microsoft Entra Connect Sync Security Groups to:

  • Delegate control in Microsoft Entra Connect to other users
  • Assign a user temporary permission to run a manual synchronization
  • Troubleshoot directory synchronization issues using Microsoft Entra Connect

You also learn about Microsoft Identity Manager (MIM). MIM is an identity management solution that helps organizations manage and synchronize user identities across various systems and directories.

The module concludes with a discussion on troubleshooting directory synchronization. When Microsoft 365 Administrators troubleshoot directory synchronization issues, they must analyze logs for errors and remediate synchronization errors with their directory synchronization tool.