Fix: M365 Group Not in Active Directory – Removal Guide
Posted on 30 April 2025 by Beaming Support

When you, as a global administrator, attempt to modify the membership of a Microsoft 365 group that’s synchronised from your local network, you usually need to make those changes within your on-premises Active Directory on the Domain Controller. However, issues occur when this on-premises Active Directory group is missing – potentially due to a misconfiguration, accidental deletion, or a lingering problem from a previous synchronisation.
How to manually remove an on-premises synchronised group from M365
First, we need to find the Object ID of the offending group in Microsoft 365, using PowerShell.
- Install and import the Microsoft Graph PowerShell module
  - Install-Module Microsoft.Graph
  - $MaximumFunctionCount = 32768 (This is required as the module exceeds the default limit of 4096 functions)
  - Import-Module Microsoft.Graph
- Connect to Microsoft Graph and assign the correct permissions
  - Connect-MgGraph -Scopes "Group.Read.All"
- Find the Group ID for the orphaned group, using either of the commands below
  - Get-MgGroup -Filter "DisplayName eq 'Group Name'"
  - Get-MgGroup -All
- Now that we have the Object ID, we can remove the group from M365 using the MSOnline PowerShell module
  - Install-Module MSOnline
  - Import-Module MSOnline
  - Satisfy any MFA that is applied to the Global Administrator account.
  - Remove-MsolGroup -ObjectId "<ObjectID>"
- Confirm that the orphaned group has now been removed from the tenant by refreshing the group list.
- You can now recreate the group in the on-premises Active Directory and force a synchronisation to M365 with "Start-ADSyncSyncCycle -PolicyType Delta". Alternatively, if this is an email-only group or distribution list, you can create it as a cloud-only group, which prevents this issue from occurring in the future.
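
The lookup and removal steps above can be wrapped in a guard so that only a single, on-premises-synchronised group is ever passed to Remove-MsolGroup. This is an added example, not part of the original guide: the -DisplayName script parameter is hypothetical, and Connect-MsolService is assumed to be the sign-in step at which the MFA prompt mentioned above appears.

```powershell
# Added example, not from the original guide. -DisplayName is a hypothetical
# script parameter; both modules are assumed installed as in the steps above.
param([Parameter(Mandatory)] [string] $DisplayName)

Import-Module Microsoft.Graph.Groups
Connect-MgGraph -Scopes 'Group.Read.All'      # read-only scope is enough for the lookup

# Double any single quote so the name cannot break out of the OData filter string.
$escaped = $DisplayName.Replace("'", "''")
$filter  = "displayName eq '$escaped'"
$props   = 'Id', 'DisplayName', 'OnPremisesSyncEnabled', 'OnPremisesLastSyncDateTime'
$found   = @(Get-MgGroup -Filter $filter -All -Property $props)

# Display names are not unique: stop unless exactly one group matches.
if ($found.Count -ne 1) {
    $found | Format-Table $props
    throw "Expected one group named '$DisplayName', found $($found.Count)."
}
$group = $found[0]

# Only groups flagged as synchronised from on-premises fit this procedure.
if ($group.OnPremisesSyncEnabled -ne $true) {
    throw "Group $($group.Id) is not marked as synchronised; nothing removed."
}
$group | Format-List $props

Import-Module MSOnline
Connect-MsolService                           # assumed sign-in step; the MFA prompt appears here
Remove-MsolGroup -ObjectId $group.Id          # no -Force, so the cmdlet asks for confirmation

# Confirm the object is gone from the tenant by repeating the lookup.
if (@(Get-MgGroup -Filter $filter -All).Count -gt 0) {
    Write-Warning "A group named '$DisplayName' still exists in the tenant."
}
```

Run it from a script file so the param block is honoured; the two throw conditions cover the cases where a shared display name or a cloud-only group would otherwise lead to the wrong object being deleted.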