The information provided in this article can help you configure group membership synchronization between Active Directory or AD/LDS domains.
When attempting to synchronize the user's memberOf attribute, you may experience the following error:
Active Directory does not allow direct modification of back-link attributes.
The memberOf attribute is a multi-valued attribute that contains groups of which the user is a direct member.
However, this attribute is not stored; it is a computed back-link attribute.
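The writable forward link behind memberOf is the member attribute on each group object, so a synchronization has to turn per-user memberOf values into per-group member changes. The following is an added example, not code from this article or from any synchronization product: the DNs, the domain names, the `map_dn` rule and the policy that the source is authoritative for the groups in scope are all assumptions.

```python
from collections import defaultdict

# Constructed sample data; the DNs and both domain names are assumptions.
SOURCE_MEMBEROF = {
    "CN=Alice,OU=Staff,DC=src,DC=example": ["CN=VPN,OU=Groups,DC=src,DC=example"],
    "CN=Bob,OU=Staff,DC=src,DC=example": ["CN=VPN,OU=Groups,DC=src,DC=example",
                                           "CN=Admins,OU=Groups,DC=src,DC=example"],
}
TARGET_MEMBERS = {  # current member values of the target groups in scope
    "cn=vpn,ou=groups,dc=dst,dc=example": {"cn=alice,ou=staff,dc=dst,dc=example",
                                            "cn=carol,ou=staff,dc=dst,dc=example"},
    "cn=admins,ou=groups,dc=dst,dc=example": set(),
}

def map_dn(dn):
    """Hypothetical mapping rule: same RDN path, different domain suffix.
    DNs compare case-insensitively, so normalise to lower case."""
    return dn.lower().replace("dc=src,dc=example", "dc=dst,dc=example")

def plan_member_changes(source_memberof, target_members):
    """Invert user -> memberOf into group -> member and diff against the target."""
    desired = defaultdict(set)
    for user_dn, groups in source_memberof.items():
        for group_dn in groups:
            desired[map_dn(group_dn)].add(map_dn(user_dn))
    plan = {}
    for group in sorted(set(desired) | set(target_members)):
        current = target_members.get(group, set())
        add = sorted(desired[group] - current)
        delete = sorted(current - desired[group])  # assumes source is authoritative
        if add or delete:
            plan[group] = {"add": add, "delete": delete}
    return plan

def to_ldif(plan):
    """Render the plan as LDIF modify records against the group objects."""
    out = []
    for group, ops in plan.items():
        out += [f"dn: {group}", "changetype: modify"]
        for op in ("add", "delete"):
            if ops[op]:
                out += [f"{op}: member"] + [f"member: {m}" for m in ops[op]] + ["-"]
        out.append("")
    return "\n".join(out)

if __name__ == "__main__":
    print(to_ldif(plan_member_changes(SOURCE_MEMBEROF, TARGET_MEMBERS)))
```

Every record in the output targets a group and modifies member; no write ever touches memberOf on a user object.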