Great question. There is no native migration path for on-premises dynamic groups, since they are based on rules that exist in on-premises directory. You need to re-create these as dynamic groups in the cloud, which require an Azure AD Premium P1 license. Also if you are using these groups for email (aka mail-enabled) then be sure to backup the 'LegacyExchangeDN' attribute first before deleting the on-premises group, then restore it as an X500 proxy address on the new cloud-based dynamic group. Otherwise, users will receive a non-deliverable bounced email when their Outlook autocomplete cache fails to find the original distribution list. The new cloud-based group will not sync to the on-premises mail server, so if you still have mailboxes on-premises you'll need to create a contact object in the on-premises Exchange Server that is located in an OU that does not sync to Azure AD (otherwise if Azure AD syncs that contact object, it will conflict with the new cloud-based group).