Cayosoft Administrator Service compatibility with Azure AD Connect cloud sync
Azure AD Connect cloud sync is a new Microsoft cloud service. See "What is Microsoft Entra Cloud Sync?" on Microsoft Docs for a description of the service. Like Azure AD Connect, it synchronizes Active Directory users, groups, and contacts to Azure AD, but it does so by using the Azure AD cloud provisioning agent instead of the Azure AD Connect application.
Cayosoft Administrator supports Azure AD Connect cloud sync. One product scenario has a limitation: a Microsoft 365 Dynamic Group populated by an AD users query. This article provides details about that limitation.
Limitations
Microsoft 365 Dynamic Groups: AD Users and Members of the AD Group rules
Azure AD Connect cloud sync does not support Exchange hybrid write-back. This means that the msDS-ExternalDirectoryObjectId attribute, along with some other attributes, is not written back from Azure AD to on-premises Active Directory. For details about Exchange hybrid write-back, see "Microsoft Entra Connect Sync: Attributes synchronized to Microsoft Entra ID - Exchange hybrid writeback" on Microsoft Docs.
By default, Cayosoft Administrator uses the msDS-ExternalDirectoryObjectId attribute to map on-premises objects to cloud objects in the AD Users or Members of the AD Group membership rule commands for Microsoft 365 Dynamic Groups. This default configuration needs to be changed when using the Azure AD Connect cloud sync service.
Issue: Azure AD Connect cloud sync is configured. A Microsoft 365 Dynamic Group is created with AD Users or Members of the AD Group membership rules. No members are found to add to the Dynamic Group.
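To confirm that missing write-back is the cause before changing the setting, the attribute can be checked directly in on-premises Active Directory. The following PowerShell is an added example, not Cayosoft or Microsoft code; it assumes the ActiveDirectory (RSAT) module is installed, and the search base shown is a placeholder to replace with your own.

```powershell
# Added diagnostic example: report which AD users have
# msDS-ExternalDirectoryObjectId populated (i.e. written back from Azure AD).
Import-Module ActiveDirectory

# Placeholder search base (assumption); replace with the OU used by the
# AD Users / Members of the AD Group membership rule.
$SearchBase = 'OU=Staff,DC=example,DC=com'
$Attr       = 'msDS-ExternalDirectoryObjectId'

# The attribute is not returned by default, so request it explicitly.
$users = Get-ADUser -SearchBase $SearchBase -Filter * -Properties $Attr

$report = foreach ($u in $users) {
    $value = [string]$u.$Attr          # $null/empty when never written back
    [pscustomobject]@{
        SamAccountName    = $u.SamAccountName
        UserPrincipalName = $u.UserPrincipalName
        Enabled           = $u.Enabled
        ExternalId        = $value
        HasExternalId     = -not [string]::IsNullOrWhiteSpace($value)
    }
}

$total   = @($report).Count
$missing = @($report | Where-Object { -not $_.HasExternalId })

Write-Host ("Users checked:                 {0}" -f $total)
Write-Host ("With {0}:    {1}" -f $Attr, ($total - $missing.Count))
Write-Host ("Without {0}: {1}" -f $Attr, $missing.Count)

if ($total -gt 0 -and $missing.Count -eq $total) {
    # Matches the issue above: nothing to map on, so no members are found.
    Write-Warning "No user in scope has $Attr set; the default mapping cannot match any cloud user."
}

# List the accounts that the default mapping cannot match.
$missing |
    Sort-Object SamAccountName |
    Format-Table SamAccountName, UserPrincipalName, Enabled -AutoSize
```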
Resolution
Change the Map cloud users setting in the membership commands to By anchor attribute and UPN:
In the Microsoft 365 Dynamic Group, open the AD Users or Members of the AD Group membership rule command settings.
Open the More Parameters section.
Set Map cloud users to By anchor attribute and UPN.
Save changes.