Jan 14 2022 01:45 AM
I noticed something strange in SharePoint Online and would like to get your confirmation for this behaviour or your comment if I am doing anything wrong.
We have many guest users in our organisation and some of them need access to SharePoint. This access can be given if I add those users in the library settings explicitly:
- The site has guest sharing enabled
- The guests are already added in our AD (existing guest users)
- The library has unique permissions
This works as expected and guests can access.
But if I add those guest users to an AAD security group (not a SharePoint group) and add the group in this list, they always get this screen here:
This is an issue, because we are using security groups in many libraries and adding users manually is a huge pain... do you have any suggestions?
Are guest users from security groups not synced in the corresponding SharePoint groups?
Feb 01 2022 06:10 AM
@David_Elsner I am running into the same issues now. Were you able to find a solution?
Feb 02 2022 03:03 PM
Apr 19 2022 06:45 AM
Jun 23 2022 04:30 AM
Jun 23 2022 04:33 AM
Jun 24 2022 02:33 AM
@David_Elsner this is indeed pretty strange yes. I cannot understand why it is like this. As I use this for multiple hundreds of users in dynamic groups but that shouldn’t matter.
testing some things to clarify
- if you add a tenant user in the same aad group do you see in check access that the user receives the sp group access? To verify internal users work
- if you have a teams group with internal and external guest users can you add that team aad group to sharepoint and see if you check access and get info about the normal and guest users then?
depending on the above results one can investigate further. Are you a tenant admin or at least site collection admin on that site?
Jun 24 2022 06:03 AM
Dec 27 2023 07:38 AM
@David_Elsner Have you every had any luck getting this to work? I am running in the exact same issue here with external users.
Mar 07 2024 04:01 AM
@sfroehlich_aza , @David_Elsner I have run into the same issue, what I have narrowed it down to is that if users are 'members' in Azure, it works as expected, if users are 'guests' in Azure, SharePoint does not see them in the AD Group and they have to be added manually.
I currently have a ticket with Microsoft to investigate.
I have a back up plan using Power Automate to 'get all members' from a dynamic AD group in Azure and 'add them' to a Scurity group in SharePoint, messy, but it does seem to work.
Jun 25 2024 09:53 AM
@carlsmith Did you ever get anywhere with Microsoft?
Cant get it to work myself
Jun 25 2024 10:00 AM
Yes, I did !
In short having someone as a 'Guest' in AD does not allow you to add them to a, AD Group!
You need to either add them as a 'Member' in Azure, or manually add them as individual users
Jul 29 2024 12:13 PM