Dec 09 2020 - last edited on Feb 01 2023
We're setting up our O365 environment. Right now, we have an on-premises AD server, on which we installed AD Connect, and we are successfully syncing with AAD and Office365. However, we're trying to manage our SharePoint sites and OneDrive permissions using local AD groups. I've created a local AD security group and added a few members. It syncs to AAD successfully. However, when I go to create a new site in SharePoint, I cannot see the group, only individual users. I then tried to create an Office 365 group and add the local AD group to it, but that doesn't allow me to add the local AD group, even though it shows up in AAD.
Ideally, we want to be able to assign users permissions to SharePoint sites and OneDrive using local AD groups. How do we accomplish this? Also, I read that if we do this, we won't be able to share the SharePoint sites with external users, since the AD group will be managed at our local AD level. This is why we wanted to add the local AD group to the Office365 group, so we can also allow external people access to the sites by adding them to the Office365 group. Basically, what is the correct way to do this? Or best practice?
Thanks for your help.
Dec 09 2020 11:26 PM
You need mail-enabled security groups for that (the sharing part at least). Also, nesting groups inside an O365 Group is not a supported scenario.