03-06-2020 04:33 AM
03-06-2020 04:33 AM
In my company we created a Sharepoint online site to manage our procedure.
To manage security, we think about to use the existed groups in our on-premise active directory.
So, we started by add our key users to the site with a specific AD group. But, these people don't have any access. But, if we create a Sharepoint group and add user in this group, it works.
In fact, we can't use our on-premise AD security groups...
We are using Azure AD Connect for sync.
How can we do that?
03-06-2020 04:59 AM
03-06-2020 05:04 AM
Hi @t_brejon ,
Generally you won't be syncing everything in your On-Prem AD to Azure AD. What you need to do is make sure that the on Prem AD Groups are in the right Organisational Unit (OU) that is being synced to Azure AD.
It maybe that the AD group you tried to use wasn't the correct one? Have a look in Azure AD and see the membership of the AD Groups you are trying to use.
03-06-2020 05:09 AM
08-27-2020 07:02 PM
@t_brejon I have a similar issue. I have been doing some troubleshooting and it looks like everything works fine IF you add the AD group to one of those default group that come on SharePoint (visitors, members or owners). If I add the AD group to a newly created SharePoint group I got access denied.
If someone have any suggestion, it will be appreciated.
08-28-2020 07:06 AM
@Andrew Hodges I think you're right on the money! Last night I kept troubleshooting and I realized that when I originally created the group I did not gave any permissions at the time of creation. I gave the permission later when I was assigning it to the site and library permissions. Yesterday I created a new group and assigned READ at the time of creation. Then I compare both groups against a user (using the check permission options), I noticed that the first group gave READ,Limited Access. And the second group only have READ.
I'm not sure why that Limited Access appeared, but it was creating the issues. My guest it was the fact of not check in the option for READ at time of creation. I does not make much sense, but it is what it is. Later today or next week I will run a full test on this and I will come back here to update the community.