Teams Aadsync adding and deleting users - known issue but no official documentation

Frequent Contributor

Hi everyone,


this is happening a lot and there is still no official document about this.

What exactly does the Teams Aadsync?


I have a team where it added 8 users then removed 2. All users were part of a security group. But afaik know there is not "automatic group membership"

The Teams has no "dynamic group membership" defined.


So what triggers this behaviour?



I need to explain it to our users and the management.

Best regards




4 Replies
Hi, Tony Redmond just posted this

Does that answer your question? (the underlying workflow).


Well. Not really. I already had a look into this.


We have AAD Connect - we get the Office 365 Group synced to our AD but this is a one way sync. So there is no adding to the Azure AD group. (Well users find ways... but normally we teach them to use Teams for this)


The owners added a library to the underlying SharePoint page and then tried to add a security group to that library by breaking inheritance.

It must have to do something with that action. I am trying to reverse engineer with the audit log (would be easier if it could be scoped to a certain Team though)

best response confirmed by StephanGee (Frequent Contributor)


Found the action that triggers that information.


If you want to add the permission to a library but you go with this entry point:


Then you add some users as "members" - they seem to be added to the AAD group but not yet to Teams.

Short time later:



Mystery solved :) Thanks for your directions


Hi, great that you found out your trigger. But the article do mention it.

”Typically, the changes flowing through the pipeline are made to groups via admin centers, Exchange Online, SharePoint Online, or PowerShell modules.”

Before the Teams AadSync was introduced these changes was displayed as ”random owner has removed/added bla bla”. You’ve probably noticed that.