netwrix · m-asad-ali-amjad · May 5, 2026 · May 6, 2026 · May 6, 2026 · May 6, 2026
@@ -6,9 +6,9 @@ sidebar_position: 20
 
 # Microsoft Entra ID Identity Store
 
-Once you have registered Directory Manager and created a user with required directory role in
-Microsoft Entra ID, you can now create an Microsoft Entra ID identity store in GroupID. This topic
-walks you through the steps to create an Microsoft Entra ID identity store and assign a role to the
+After you register Directory Manager and create a user with the required directory role in
+Microsoft Entra ID, you can create an Microsoft Entra ID identity store in GroupID. This topic
+explains how to create an Microsoft Entra ID identity store and assign a role to the
 Microsoft Entra ID user in Directory Manager.
 
 ## To create a Microsoft Entra ID Identity Store
@@ -18,18 +18,18 @@ See the
 topic for creating an Microsoft Entra ID identity store.
 
 :::note
-If you intend to use a service account user with Global Administrator directory role, then no
-change is required in the default Directory Manager security roles settings of Microsoft Entra ID
-identity store. And if you intend to use a service account user with any role, other than Global
-administrator directory role (i.e. User Administrator + Exchange Administrator), then the Directory
-Manager Administrator security role criteria group must be changed to User Account Administrator.
+If you intend to use a service account user with Global Administrator directory role, you don't
+need to change the default Directory Manager security roles settings of the Microsoft Entra ID
+identity store. If you intend to use a service account user with any role other than Global
+Administrator directory role (i.e. User Administrator + Exchange Administrator), you must change
+the Directory Manager Administrator security role criteria group to User Account Administrator.
 :::
 
 
 ## Directory Manager Security Role Setting
 
 If you want to use a service account user with a role other than Global administrator role for
-Microsoft Entra ID identity store, you have to assign it _User Account Administrator_ role in
+Microsoft Entra ID identity store, you must assign it the _User Account Administrator_ role in
 Directory Manager.
 
 Step 1 – In Admin Center, click **Identity Stores** in the left pane.
@@ -51,12 +51,49 @@ Step 7 – On the Security Roles page, click **Save**.
 
 ## Limitations of Minimum Service Account Permissions
 
-If you are using a service account with minimum directory role assignments, the following
+If you use a service account with minimum directory role assignments, the following
 limitations apply:
 
-- Only the User role can be assigned to newly created users and mailboxes objects from GroupID. The
-  same applies to existing users and mailboxes, as Directory Roles cannot be changed, using a
-  service account with minimum directory role assignments.
+- You can only assign the User role to newly created users and mailbox objects from GroupID. The
+  same applies to existing users and mailboxes, because you can't change Directory Roles when
+  using a service account with minimum directory role assignments.
 
-- The password reset functionality would be limited to objects falling in the User role, User
-  Administrator role, and Helpdesk role.
+- Password reset functionality works only for objects in the User role, User Administrator role,
+  and Helpdesk role.
+
+## Limitations of Microsoft Teams Channels
+
+The Microsoft Graph API doesn't return Microsoft Teams objects in delta query results when a
+channel is added, removed, or modified. As a result, Directory Manager can't detect Teams channel
+changes incrementally and must replicate all Microsoft Teams objects on every replication cycle.
+This is a known Microsoft platform limitation.
+
+This behavior increases replication time particularly in environments with large number of Microsoft
+Teams objects, because Directory Manager replicates all Microsoft Teams regardless of whether changes
+occurred. To control this behavior, use the `ReplicateTeamsChannelChanges` setting. Disabling it
+(the default) skips Teams channel replication and avoids the performance impact; enable it only when
+you need full Teams channel replication.
+
+This setting defaults to `false` (disabled). Set it to `true` to enable full Teams channel
+replication.
+
+To change the `ReplicateTeamsChannelChanges` setting:
+
+Step 1 – Stop the GroupIDReplicationService in IIS.
+
+Step 2 – Open the following file in a text editor:
+
+`<installation-directory>\ReplicationService\Inetpub\GroupIDReplicationService\Web\appsettings.json`
+
+Step 3 – Locate the existing `EntraID` section at the root of `appsettings.json` and set the
+`ReplicateTeamsChannelChanges` value as follows:
+
+```json
+"EntraID": {
+  "ReplicateTeamsChannelChanges": true
+}
+```
+
+Step 4 – Save the file.
+
+Step 5 – Restart the GroupIDReplicationService in IIS.
@@ -22,3 +22,8 @@ Directory Manager supports the following Microsoft Windows Servers:
 
 - Windows Server 2022 Standard
 - Windows Server 2022 Datacenter
+
+**Microsoft Windows Server 2025 Family**
+
+- Windows Server 2025 Standard
+- Windows Server 2025 Datacenter