Summary

This module focused on post-synchronization maintenance of users and groups once you have implemented Microsoft Entra Connect. You learned that after your on-premises Active Directory objects are synchronized with Microsoft 365, you can no longer manage those objects using the Microsoft 365 admin center or the Exchange Online admin center (EAC). The reason for this restriction is that the system doesn't write all synchronized attributes back to your on-premises environment.

In this module, you learned that organizations must manage all group membership in their on-premises Active Directory once they implement directory synchronization between their on-premises AD and Microsoft Entra ID. Directory synchronization of both users and groups in Microsoft 365 is similar. You learned that the sync process synchronizes on-premises groups and their membership from on-premises AD to Microsoft Entra ID. And just like the user writeback feature, group writeback also writes Microsoft 365 groups from Microsoft Entra ID back to on-premises AD.

This module also examined how Microsoft Entra Connect automatically creates Microsoft Entra Connect Sync Security Groups to:

  • Delegate control in Microsoft Entra Connect Sync to other users
  • Assign a user temporary permission to run a manual synchronization
  • Troubleshoot directory synchronization issues using Microsoft Entra Connect Sync

You also learned about Microsoft Identity Manager (MIM). MIM is an identity management solution that helps organizations manage and synchronize user identities across various systems and directories. It provides capabilities for user provisioning, deprovisioning, synchronization, and self-service password reset. MIM focuses on managing user identities and their attributes, ensuring consistency and accuracy across different systems and applications.

The module concluded with a discussion on troubleshooting directory synchronization. You learned that when troubleshooting directory synchronization issues, Microsoft 365 Administrators must analyze logs for errors and remediate synchronization errors with the Microsoft Entra Connect Sync tool itself.