Entourage not updating exchange mailbox


Later changes that need to be written back from the cloud will fail to write back again, and again permission issues will be to blame.

To fix this we just need to ensure that the AdminSDHolder object has the permissions needed.

AdminSDHolder is something I come across a lot, but I find a lot of admins are unaware of it.

In brief, it affects any user that is a member of a protected group: AdminSDHolder is an AD object that determines what the permissions for all protected group members need to be.

The User Name is the name of the account you need in the script.

An example is shown below:

$accountName = "domain\aad_account" # this is the account that will be used by Azure AD Connect Sync to manage objects in the directory; it is usually in the form AAD_number or MSOL_number

If you compare your above admin account to a non-protected account you will see inheritance can be disabled and that the Inherited From column lists the source of the permission inheritance.

Compare the access control entries (ACEs) to the list of ACEs on the AdminSDHolder object.


Note, though, that AdminSDHolder is per domain, so if you are syncing more than one domain you need to set these permissions on each domain.

The changes below, made directly on the AdminSDHolder object, will impact these users, as their permissions will get updated to allow writeback from Azure AD.


Members of a protected group (i.e. Domain Admins) will find that their AD permission inheritance and access control lists on their AD object will be reset every hour. Why this matters with AADConnect and your sync to Azure Active Directory (i.e. the directory used by Office 365) is that any object that the AADConnect service cannot read cannot be synced, and any object that the AADConnect service cannot write to cannot be targeted by writeback.
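
A read-only way to do the comparison described above, as an added example rather than the script the post refers to: it lists the ACEs the sync account holds on AdminSDHolder in every domain of the forest and shows which accounts are stamped as protected. It assumes the RSAT ActiveDirectory module and read access to each domain; `Get-AdminSDHolderAce` is a hypothetical helper name and `domain\aad_account` is the page's placeholder.

```powershell
# Added example: read-only audit, makes no changes to the directory.
# Assumes the RSAT ActiveDirectory module and read access to each domain.
Import-Module ActiveDirectory

# Placeholder from the page; replace with your AAD_xxx / MSOL_xxx sync account.
$accountName = "domain\aad_account"

# Hypothetical helper: returns the sync account's ACEs on one domain's AdminSDHolder.
function Get-AdminSDHolderAce {
    param(
        [Parameter(Mandatory)] [string] $AccountName,
        [Parameter(Mandatory)] [string] $Domain
    )
    # AdminSDHolder lives at CN=AdminSDHolder,CN=System,<domain DN> in every domain.
    $domainDn = (Get-ADDomain -Server $Domain).DistinguishedName
    $holder = Get-ADObject -Identity "CN=AdminSDHolder,CN=System,$domainDn" `
        -Properties nTSecurityDescriptor -Server $Domain

    # Keep only the ACEs whose trustee is the sync account.
    # A trustee that cannot be resolved is shown as a SID and will not match.
    $holder.nTSecurityDescriptor.Access |
        Where-Object { $_.IdentityReference.Value -eq $AccountName } |
        Select-Object @{ n = 'Domain'; e = { $Domain } },
            AccessControlType, ActiveDirectoryRights, ObjectType,
            InheritedObjectType, IsInherited
}

# AdminSDHolder is per domain, so check every domain in the forest.
foreach ($domain in (Get-ADForest).Domains) {
    $aces = @(Get-AdminSDHolderAce -AccountName $accountName -Domain $domain)
    if ($aces.Count -eq 0) {
        Write-Warning "${domain}: no ACEs for $accountName on AdminSDHolder"
    } else {
        $aces | Format-Table -AutoSize
    }
}

# Accounts stamped as protected carry adminCount = 1; list their inheritance state
# so they can be compared with a non-protected account.
Get-ADUser -LDAPFilter '(adminCount=1)' -Properties nTSecurityDescriptor |
    Select-Object SamAccountName,
        @{ n = 'InheritanceDisabled'
           e = { $_.nTSecurityDescriptor.AreAccessRulesProtected } }
```

Any ACE listed for the sync account on AdminSDHolder is copied to every protected account in that domain, so the output is also the list of rights that account holds over Domain Admins and other protected group members.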
