Users added to AD security group are not made members of SharePoint online group


My company employs Active Directory security groups to administer permissions in SharePoint Online. For example, we have a SharePoint group that has contribute permissions to one of our sites. We make the security group a member of that SharePoint group. When an employee requires contribute permissions to that site, we simply add that person to the AD security group and wait for replication. That approach has served us well...until now.

Now, when adding an employee to a security group that is a member of a SharePoint group, we find that the permission level that SP group should confer is not being passed on to said employee. When you examine the employee's permission under "Check Permissions", they only show limited access with no mention of membership in that SP group. This remains true even days after the employee has been added to the security group. Any advice?

1 Reply
I know this is an old post, but we have done something similar. We use the Azure AD groups to assign permissions; however, we do not put them in the SharePoint groups. We actually remove all SharePoint groups when we create a new site (except Teams-related ones) and just use the Azure AD groups. We just add people's accounts into the Azure AD groups and the permissions are given within 4 hours. The users just need to sign out of the browser for permission changes to be recognized. DO NOT remove SharePoint groups from Teams-related SP sites or you will have to recreate the entire Team.