Office 366 groups and AD groups

Copper Contributor

We're setting our our 0365 environment.  Right now, we have an on premise AD server, which we installed AD Connect and are successfully synching with AAD and Office365.  However, we're trying to manage our SharePoint sites and OneDrive permissions using local AD Groups.  I've created a local AD security group and added a few members.  It synchs to AAD successfully.  However, when i go to create a new site in sharepoint, I cannot see the group, only individual users.  I tried to then create an Office 365 group and add the local AD group to it, but that does't allow me to to add the local AD group, even though it shows up in AAD.  

Ideally, we want to be able to assign users permissions to SharePoint sites and OneDrive using local AD groups, how do we accomplish this? also, I read that if we do this, that we won't be able to share the sharepoint sites with external users, since the AD group will be managed at our local AD level.  This is why we wanted to add the local AD group to the Office365 group so we can also allow external people access to the sites by adding them to the Office365 group.  Basically, what is the correct way to do this? or best practice? 

Thanks for your help.

2 Replies

You need mail-enabled security groups for that (the sharing part at least). Also, nesting groups inside an O365 Group is not a supported scenario.

@Vasil Michev Thank you.  That's what I've been ready also, that it's not supported, but it was on their roadmap, but from what I was reading, it sounds like it was coming by the end of the year, I guess not.