Microsoft Tech Community

Security group not syncing to AAD


Hi All,

My Azure AD and on-premises AD were in sync and all the users and groups were syncing properly, but all of a sudden my security groups are not syncing to AAD. Whatever changes I make to on-premises AD groups are not reflected in AAD, but when I make changes to or create a user, it works fine.

Any help would be highly appreciated.

Thanks & Regards,

Srikanth.

5 Replies

Well, are there any errors? What does the MIISClient show? You can use the steps in this article to troubleshoot: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-object-not-syncing

@srikanth2021 If I understand correctly, I don't believe that Azure AD Connect will sync built-in security groups from AD.

Check out this article, hopefully this helps.

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/concept-azure-ad-connect-sync-user-an...

Hopefully this helps someone, but I had a similar problem. I would change the name of a security group (SG) in on-premises Active Directory (AD), and when doing a delta sync in AD Connect, the new name change would not reflect in Azure Active Directory (AAD). Here is how I fixed it:

Go to the properties of the SG and click on the Attribute Editor tab. Go to the displayName attribute. Here you will notice that it has the old name of the SG. Simply update this attribute with the new name, perform another delta sync in AD Connect, and you will see this updated in AAD.

For some reason, SGs that have the displayName attribute populated have this problem. All other SGs that I have in my environment that do not have the displayName populated sync over fine when doing name changes.
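The check described in the reply above, run across every security group at once, as an added example that is not part of the original post. It assumes the ActiveDirectory (RSAT) module is installed; the function name and the `$SearchBase` parameter are hypothetical.

```powershell
# Added example: find security groups whose displayName is populated but no
# longer matches the group name, the condition described after a rename.
Import-Module ActiveDirectory

function Get-StaleGroupDisplayName {
    param(
        [string]$SearchBase   # optional OU distinguished name to limit the search
    )
    $params = @{
        Filter     = "GroupCategory -eq 'Security'"
        Properties = 'displayName'
    }
    if ($SearchBase) { $params.SearchBase = $SearchBase }

    # Groups with an empty displayName are skipped: per the reply above they
    # sync name changes without trouble. -cne also catches case-only renames.
    Get-ADGroup @params |
        Where-Object { $_.displayName -and ($_.displayName -cne $_.Name) } |
        Select-Object Name, displayName, SamAccountName, DistinguishedName
}

$stale = Get-StaleGroupDisplayName
$stale | Format-Table Name, displayName, SamAccountName -AutoSize

# Preview aligning displayName with the current name.
# Remove -WhatIf only after reviewing the list above.
foreach ($g in $stale) {
    Set-ADGroup -Identity $g.DistinguishedName -DisplayName $g.Name -WhatIf
}

# Afterwards, on the AD Connect server, run a delta sync:
# Start-ADSyncSyncCycle -PolicyType Delta
```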

@srikanth2021 

Explicitly define the DisplayName or EmailAddress for this group. After this, everything may work.

Cordially