From da36c19cb635c463f871a39c307bcde6292e81d8 Mon Sep 17 00:00:00 2001 From: Muhammad Asad Ali Amjad Date: Tue, 5 May 2026 08:36:22 +0000 Subject: [PATCH 1/6] Documented the limitations of Microsoft Teams Channel in Netwrix Directory Manager --- .../11.1/configureentraid/createid.md | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/docs/directorymanager/11.1/configureentraid/createid.md b/docs/directorymanager/11.1/configureentraid/createid.md index d770cf0e35..8fec1ebab8 100644 --- a/docs/directorymanager/11.1/configureentraid/createid.md +++ b/docs/directorymanager/11.1/configureentraid/createid.md @@ -60,3 +60,24 @@ limitations apply: - The password reset functionality would be limited to objects falling in the User role, User Administrator role, and Helpdesk role. + +## Limitations of Microsoft Teams Channels + +The Microsoft Graph API does not return Microsoft Teams objects in delta query results when a +channel is added, removed, or modified. As a result, Directory Manager cannot detect Teams channel +changes incrementally and must replicate all Microsoft Teams objects on every replication cycle. +This is a known Microsoft platform limitation. + +This behavior has a performance impact because all Microsoft Teams are replicated regardless of +whether changes occurred. To mitigate this, you can enable or disable Teams channel replication +using the `ReplicateTeamsChannelChanges` setting in the following file: + +`[Installation Directory]\ReplicationService\Inetpub\GroupIDReplicationService\Web\appsettings.json` + +```json +"EntraID": { + "ReplicateTeamsChannelChanges": false +} +``` + +This setting is disabled `false` by default. Set it to `true` to enable full Teams channel replication. \ No newline at end of file From cc929ec3708e9d7fd8c6a7a3747d124352086ae4 Mon Sep 17 00:00:00 2001 From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com> Date: Wed, 6 May 2026 10:52:18 +0000 Subject: [PATCH 2/6] fix(vale): auto-fix style issues (Vale + Dale) --- .../11.1/configureentraid/createid.md | 36 +++++++++---------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/docs/directorymanager/11.1/configureentraid/createid.md b/docs/directorymanager/11.1/configureentraid/createid.md index 8fec1ebab8..2e5e894133 100644 --- a/docs/directorymanager/11.1/configureentraid/createid.md +++ b/docs/directorymanager/11.1/configureentraid/createid.md @@ -6,8 +6,8 @@ sidebar_position: 20 # Microsoft Entra ID Identity Store -Once you have registered Directory Manager and created a user with required directory role in -Microsoft Entra ID, you can now create an Microsoft Entra ID identity store in GroupID. This topic +After you have registered Directory Manager and created a user with required directory role in +Microsoft Entra ID, you can create an Microsoft Entra ID identity store in GroupID. This topic walks you through the steps to create an Microsoft Entra ID identity store and assign a role to the Microsoft Entra ID user in Directory Manager. @@ -18,11 +18,11 @@ See the topic for creating an Microsoft Entra ID identity store. :::note -If you intend to use a service account user with Global Administrator directory role, then no -change is required in the default Directory Manager security roles settings of Microsoft Entra ID -identity store. And if you intend to use a service account user with any role, other than Global -administrator directory role (i.e. User Administrator + Exchange Administrator), then the Directory -Manager Administrator security role criteria group must be changed to User Account Administrator. +If you intend to use a service account user with Global Administrator directory role, you don't +need to change the default Directory Manager security roles settings of the Microsoft Entra ID +identity store. If you intend to use a service account user with any role other than Global +Administrator directory role (i.e. User Administrator + Exchange Administrator), you must change +the Directory Manager Administrator security role criteria group to User Account Administrator. ::: @@ -54,23 +54,23 @@ Step 7 – On the Security Roles page, click **Save**. If you are using a service account with minimum directory role assignments, the following limitations apply: -- Only the User role can be assigned to newly created users and mailboxes objects from GroupID. The - same applies to existing users and mailboxes, as Directory Roles cannot be changed, using a - service account with minimum directory role assignments. +- You can only assign the User role to newly created users and mailbox objects from GroupID. The + same applies to existing users and mailboxes, because you can't change Directory Roles when + using a service account with minimum directory role assignments. -- The password reset functionality would be limited to objects falling in the User role, User - Administrator role, and Helpdesk role. +- Password reset functionality is limited to objects in the User role, User Administrator role, + and Helpdesk role. ## Limitations of Microsoft Teams Channels -The Microsoft Graph API does not return Microsoft Teams objects in delta query results when a -channel is added, removed, or modified. As a result, Directory Manager cannot detect Teams channel +The Microsoft Graph API doesn't return Microsoft Teams objects in delta query results when a +channel is added, removed, or modified. As a result, Directory Manager can't detect Teams channel changes incrementally and must replicate all Microsoft Teams objects on every replication cycle. This is a known Microsoft platform limitation. -This behavior has a performance impact because all Microsoft Teams are replicated regardless of -whether changes occurred. To mitigate this, you can enable or disable Teams channel replication -using the `ReplicateTeamsChannelChanges` setting in the following file: +This behavior has a performance impact because Directory Manager replicates all Microsoft Teams +regardless of whether changes occurred. To mitigate this, you can enable or disable Teams channel +replication using the `ReplicateTeamsChannelChanges` setting in the following file: `[Installation Directory]\ReplicationService\Inetpub\GroupIDReplicationService\Web\appsettings.json` @@ -80,4 +80,4 @@ using the `ReplicateTeamsChannelChanges` setting in the following file: } ``` -This setting is disabled `false` by default. Set it to `true` to enable full Teams channel replication. \ No newline at end of file +This setting is disabled `false` by default. Set it to `true` to enable full Teams channel replication. From 7d605817818caeedad7d56b55dc236f1aa4db462 Mon Sep 17 00:00:00 2001 From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com> Date: Wed, 6 May 2026 11:24:07 +0000 Subject: [PATCH 3/6] docs: apply fixes from PR review Addressed 6 editorial issues in the Microsoft Teams Channels limitations section: clarified the mitigation/control wording, named the performance impact concretely, switched [Installation Directory] to angle-bracket placeholder syntax, fixed the awkward default-value sentence, anchored the appsettings.json edit to the existing EntraID section, and added numbered steps covering service stop, edit, save, and restart. Co-Authored-By: Claude --- .../11.1/configureentraid/createid.md | 26 +++++++++++++++---- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/docs/directorymanager/11.1/configureentraid/createid.md b/docs/directorymanager/11.1/configureentraid/createid.md index 2e5e894133..9db7378387 100644 --- a/docs/directorymanager/11.1/configureentraid/createid.md +++ b/docs/directorymanager/11.1/configureentraid/createid.md @@ -68,11 +68,25 @@ channel is added, removed, or modified. As a result, Directory Manager can't det changes incrementally and must replicate all Microsoft Teams objects on every replication cycle. This is a known Microsoft platform limitation. -This behavior has a performance impact because Directory Manager replicates all Microsoft Teams -regardless of whether changes occurred. To mitigate this, you can enable or disable Teams channel -replication using the `ReplicateTeamsChannelChanges` setting in the following file: +This behavior increases replication time and resource usage, particularly in environments with a +large number of Microsoft Teams objects, because Directory Manager replicates all Microsoft Teams +regardless of whether changes occurred. To control this behavior, use the +`ReplicateTeamsChannelChanges` setting. Disabling it (the default) skips Teams channel replication +and avoids the performance impact; enable it only when full Teams channel replication is required. -`[Installation Directory]\ReplicationService\Inetpub\GroupIDReplicationService\Web\appsettings.json` +This setting is set to `false` (disabled) by default. Set it to `true` to enable full Teams channel +replication. + +To change the `ReplicateTeamsChannelChanges` setting: + +Step 1 – Stop the Directory Manager Replication Service. + +Step 2 – Open the following file in a text editor: + +`\ReplicationService\Inetpub\GroupIDReplicationService\Web\appsettings.json` + +Step 3 – Locate the existing `EntraID` section at the root of `appsettings.json` and set the +`ReplicateTeamsChannelChanges` value as shown: ```json "EntraID": { @@ -80,4 +94,6 @@ replication using the `ReplicateTeamsChannelChanges` setting in the following fi } ``` -This setting is disabled `false` by default. Set it to `true` to enable full Teams channel replication. +Step 4 – Save the file. + +Step 5 – Restart the Directory Manager Replication Service. From a01212084820fad983e74424dd860bd439835e27 Mon Sep 17 00:00:00 2001 From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com> Date: Wed, 6 May 2026 11:26:51 +0000 Subject: [PATCH 4/6] fix(vale): auto-fix style issues (Vale + Dale) --- docs/directorymanager/11.1/configureentraid/createid.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/directorymanager/11.1/configureentraid/createid.md b/docs/directorymanager/11.1/configureentraid/createid.md index 9db7378387..29b77758bb 100644 --- a/docs/directorymanager/11.1/configureentraid/createid.md +++ b/docs/directorymanager/11.1/configureentraid/createid.md @@ -8,7 +8,7 @@ sidebar_position: 20 After you have registered Directory Manager and created a user with required directory role in Microsoft Entra ID, you can create an Microsoft Entra ID identity store in GroupID. This topic -walks you through the steps to create an Microsoft Entra ID identity store and assign a role to the +explains how to create an Microsoft Entra ID identity store and assign a role to the Microsoft Entra ID user in Directory Manager. ## To create a Microsoft Entra ID Identity Store @@ -58,7 +58,7 @@ limitations apply: same applies to existing users and mailboxes, because you can't change Directory Roles when using a service account with minimum directory role assignments. -- Password reset functionality is limited to objects in the User role, User Administrator role, +- Password reset functionality works only for objects in the User role, User Administrator role, and Helpdesk role. ## Limitations of Microsoft Teams Channels @@ -72,9 +72,9 @@ This behavior increases replication time and resource usage, particularly in env large number of Microsoft Teams objects, because Directory Manager replicates all Microsoft Teams regardless of whether changes occurred. To control this behavior, use the `ReplicateTeamsChannelChanges` setting. Disabling it (the default) skips Teams channel replication -and avoids the performance impact; enable it only when full Teams channel replication is required. +and avoids the performance impact; enable it only when you need full Teams channel replication. -This setting is set to `false` (disabled) by default. Set it to `true` to enable full Teams channel +This setting defaults to `false` (disabled). Set it to `true` to enable full Teams channel replication. To change the `ReplicateTeamsChannelChanges` setting: From 2fdd29c0608fb2c5d45f0979dc5d7da458cee8fa Mon Sep 17 00:00:00 2001 From: Muhammad Asad Ali Amjad Date: Wed, 6 May 2026 12:12:36 +0000 Subject: [PATCH 5/6] Added a new supported version of Windows Server and updated the description of Microsoft Teams channel replication --- .../11.1/configureentraid/createid.md | 16 ++++++++-------- .../11.1/requirements/windowsserver.md | 5 +++++ 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/docs/directorymanager/11.1/configureentraid/createid.md b/docs/directorymanager/11.1/configureentraid/createid.md index 29b77758bb..c786a93155 100644 --- a/docs/directorymanager/11.1/configureentraid/createid.md +++ b/docs/directorymanager/11.1/configureentraid/createid.md @@ -68,18 +68,18 @@ channel is added, removed, or modified. As a result, Directory Manager can't det changes incrementally and must replicate all Microsoft Teams objects on every replication cycle. This is a known Microsoft platform limitation. -This behavior increases replication time and resource usage, particularly in environments with a -large number of Microsoft Teams objects, because Directory Manager replicates all Microsoft Teams -regardless of whether changes occurred. To control this behavior, use the -`ReplicateTeamsChannelChanges` setting. Disabling it (the default) skips Teams channel replication -and avoids the performance impact; enable it only when you need full Teams channel replication. +This behavior increases replication time particularly in environments with large number of Microsoft +Teams objects, because Directory Manager replicates all Microsoft Teams regardless of whether changes +occurred. To control this behavior, use the `ReplicateTeamsChannelChanges` setting. Disabling it +(the default) skips Teams channel replication and avoids the performance impact; enable it only when +full Teams channel replication is required. This setting defaults to `false` (disabled). Set it to `true` to enable full Teams channel replication. To change the `ReplicateTeamsChannelChanges` setting: -Step 1 – Stop the Directory Manager Replication Service. +Step 1 – Stop the GroupIDReplicationService in IIS. Step 2 – Open the following file in a text editor: @@ -90,10 +90,10 @@ Step 3 – Locate the existing `EntraID` section at the root of `appsettings.jso ```json "EntraID": { - "ReplicateTeamsChannelChanges": false + "ReplicateTeamsChannelChanges": true } ``` Step 4 – Save the file. -Step 5 – Restart the Directory Manager Replication Service. +Step 5 – Restart the GroupIDReplicationService in IIS. \ No newline at end of file diff --git a/docs/directorymanager/11.1/requirements/windowsserver.md b/docs/directorymanager/11.1/requirements/windowsserver.md index 8cd04bb173..4ced6150ff 100644 --- a/docs/directorymanager/11.1/requirements/windowsserver.md +++ b/docs/directorymanager/11.1/requirements/windowsserver.md @@ -22,3 +22,8 @@ Directory Manager supports the following Microsoft Windows Servers: - Windows Server 2022 Standard - Windows Server 2022 Datacenter + +**Microsoft Windows Server 2025 Family** + +- Windows Server 2025 Standard +- Windows Server 2025 Datacenter \ No newline at end of file From a0ff761c1c3ba18fad8d663bebba65613f1928c0 Mon Sep 17 00:00:00 2001 From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com> Date: Wed, 6 May 2026 12:16:41 +0000 Subject: [PATCH 6/6] fix(vale): auto-fix style issues (Vale + Dale) --- .../directorymanager/11.1/configureentraid/createid.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/directorymanager/11.1/configureentraid/createid.md b/docs/directorymanager/11.1/configureentraid/createid.md index c786a93155..078e3633c9 100644 --- a/docs/directorymanager/11.1/configureentraid/createid.md +++ b/docs/directorymanager/11.1/configureentraid/createid.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Microsoft Entra ID Identity Store -After you have registered Directory Manager and created a user with required directory role in +After you register Directory Manager and create a user with the required directory role in Microsoft Entra ID, you can create an Microsoft Entra ID identity store in GroupID. This topic explains how to create an Microsoft Entra ID identity store and assign a role to the Microsoft Entra ID user in Directory Manager. @@ -29,7 +29,7 @@ the Directory Manager Administrator security role criteria group to User Account ## Directory Manager Security Role Setting If you want to use a service account user with a role other than Global administrator role for -Microsoft Entra ID identity store, you have to assign it _User Account Administrator_ role in +Microsoft Entra ID identity store, you must assign it the _User Account Administrator_ role in Directory Manager. Step 1 – In Admin Center, click **Identity Stores** in the left pane. @@ -51,7 +51,7 @@ Step 7 – On the Security Roles page, click **Save**. ## Limitations of Minimum Service Account Permissions -If you are using a service account with minimum directory role assignments, the following +If you use a service account with minimum directory role assignments, the following limitations apply: - You can only assign the User role to newly created users and mailbox objects from GroupID. The @@ -72,7 +72,7 @@ This behavior increases replication time particularly in environments with large Teams objects, because Directory Manager replicates all Microsoft Teams regardless of whether changes occurred. To control this behavior, use the `ReplicateTeamsChannelChanges` setting. Disabling it (the default) skips Teams channel replication and avoids the performance impact; enable it only when -full Teams channel replication is required. +you need full Teams channel replication. This setting defaults to `false` (disabled). Set it to `true` to enable full Teams channel replication. @@ -86,7 +86,7 @@ Step 2 – Open the following file in a text editor: `\ReplicationService\Inetpub\GroupIDReplicationService\Web\appsettings.json` Step 3 – Locate the existing `EntraID` section at the root of `appsettings.json` and set the -`ReplicateTeamsChannelChanges` value as shown: +`ReplicateTeamsChannelChanges` value as follows: ```json "EntraID": {