When you create a Microsoft 365 group directly in the cloud, it’s easy to assign or change the group owner using the Exchange admin center (EAC) or Microsoft 365 admin center. However, the process is different for groups that are synchronized from on-premises Active Directory .
In hybrid environments, group attributes are mastered in Active Directory (AD) and synchronized to Microsoft 365 via the Entra Connect (formerly Azure AD Connect) tool. Because of this, you cannot directly modify ownership from the cloud. Instead, you must make the changes in AD and then sync them to the cloud.
Key Difference: "Owner" vs. "Managed By"
In Active Directory, there is no property called Owner for groups. Instead, AD uses the Managed By attribute to define who manages the group. This field maps to the group ownership property in Microsoft 365 after synchronization.
Steps to Add or Change Group Owner in a Synchronized Group
Open Active Directory Users and Computers (ADUC).
Search for the Group.
Edit Group Properties.
Update the Managed By Attribute.
Go to the Managed By tab.
Add or change the user who should be the group owner.
(Optional) Select Manager can update the membership list if you want the owner to manage group members directly.
![Picture1]()
Run a Delta Sync
Open a PowerShell session on the server running Entra Connect and run:
Start-ADSyncSyncCycle -PolicyType Delta
This ensures your changes are quickly replicated to Microsoft 365.
Verify in Microsoft 365
Notes and Best Practices
Only one user can be added to the Managed By attribute in AD. If you need multiple owners, you’ll have to manage this in the cloud after converting the group to a cloud-managed object (not recommended unless required).
For security and auditing purposes, always ensure the designated owner is appropriate for managing the group.
If you’re planning to delegate group ownership at scale, consider scripting with PowerShell to update multiple groups in AD.