Mar 13 2018
04:32 PM
- last edited on
Feb 01 2023
12:52 PM
by
TechCommunityAP
Mar 13 2018
04:32 PM
- last edited on
Feb 01 2023
12:52 PM
by
TechCommunityAP
Hi there,
New to the forum so be gentle!
OK so I am about to setup a new 2016 on premises AD domain (they won't do Microsoft 365 Business) with 20 users and I would like to connect and sync users to their Office 365 Business Premium Tenant.
I have been testing in a lab situation and I know that I can connect Azure AD Connect and it will add any users in the on prem domain to Office 365 and if they match will reset their passwords.
What I am trying to achieve is to add a new user to on prem which then syncs to Office 365 , adds the user and then automatically assigns it to the correct groups with licenses. I have managed to add a group in Azure AD and when a user is added to that group at the Office 365 end automatically assigns whatever licences I require but can't seem to do it from the on prem end.
I read somewhere that this isn't possible but if not, is there any other way to achieve this (seemingly) simple and obvious requirement? Maybe some sort of Powershell CMDlet or something that can be run on the on prem server to add to the correct Office 365 Groups / Assign licenses after adding the user?
Let me know.
Thanks!
Alastair Ferguson
Mar 13 2018 11:32 PM
I'm assuming you are talking about the group-based licensing feature (https://docs.microsoft.com/en-us/azure/active-directory/active-directory-licensing-whatis-azure-port...)? If so, you can certainly set up a group that is synced from AD for it, and add the user upon creation to it.
Alternatively, you can use a dynamic group: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-groups-dynamic-membership-a...
Mar 14 2018 06:18 PM
Hi Vasil,
Thanks for that.
It seems as though the dynamic Group is for Azure AD Premium T1 which the customer doesn't have.
I looked at Group Writeback and it seems that it requires Exchange on premises which the customer also doesn't have.
>>If so, you can certainly set up a group that is synced from AD for it, and add the user upon creation to it.
Can you point me in the direction of the documentation that explains how to do this please?
Thanks in advance,
Alastair
Mar 15 2018 01:02 AM
The steps are exactly the same, you simply point to an AD-synced group in the "group selection" pane.
Mar 16 2018 12:58 AM
OK I see.
I went through this document:
And managed to sort it out.
Thanks.