Forum Discussion

Taen keren's avatar
Taen keren
Steel Contributor
Apr 22, 2019
Solved

transition to O365 - AAD

Hi    Just wanted to hear about any recommendations / best practice for the following:    A company has a traditional AD on-prem - with OU's, User objects, Security Groups, Distribution lists, et...
admin
microsoft 365 groups
migration
security
sharepoint
  • ChrisWebbTech's avatar
    ChrisWebbTech
    Apr 22, 2019
    Yeah it's still a mix and depends on if you still have onprem resources or not. I personally like to split the two up. Cloud is Office 365 groups which includes anything connected to that group and on-prem and Non SharePoint group connected sites (comm sites etc.) stay Security groups.

    Really isn't a best practice per say other than that. You don't want to use office 365 groups across other sites because membership into that group could affect access to other things that people may not think about and when guest access comes into play can get even worse that's why I like to try to keep it manual if possible.
  • Taen keren's avatar
    Taen keren
    Steel Contributor
    Apr 22, 2019

    Hi adam deltinger 

     

    Yes I know the dynamic groups within Teams - and the Groups writeback - guess I'm asking 'where-to-do-what' and 'when-to-use-what' (AD or AAD wise) - if Dynamic groups are used the membership admin is turned off in the client 

    AD Security groups works fine in SharePoint - but not in Teams - Is the advise to create new O365 groups and migrate the AD groups so company only uses O365 groups  - some Admin planning/strategy  :D 

    • ChrisWebbTech's avatar
      ChrisWebbTech
      MVP
      Apr 22, 2019
      Yeah it's still a mix and depends on if you still have onprem resources or not. I personally like to split the two up. Cloud is Office 365 groups which includes anything connected to that group and on-prem and Non SharePoint group connected sites (comm sites etc.) stay Security groups.

      Really isn't a best practice per say other than that. You don't want to use office 365 groups across other sites because membership into that group could affect access to other things that people may not think about and when guest access comes into play can get even worse that's why I like to try to keep it manual if possible.
    • adam deltinger's avatar
      adam deltinger
      MVP
      Apr 22, 2019
      Kinda figured out your question :) sorry!
      But as I said, yes! If you’re using using sharepoint in pair with teams, I would mess with sec groups!