
ps0ve (ps0ve) asked a question.
Hi,
We have over 1500+ existing groups in AzureAD that are currently used for permissions in Office 365 for various things such as Email Distribution lists, Exchange Public Folders, SharePoint and so on. We've turned on Universal Sync within the Microsoft Office 365 integration and we were able to successfully sync our on prem AD users to O365 by matching the users based on the email attribute.
Now the issue that we're facing is that we're unable to sync our on prem AD groups to O365. We've never had these groups in our on prem AD, so we created the groups in hopes that universal sync would match the groups by matching the email attribute. Well, that was a negative, and apparently AD groups don't necessarily sync the same way as users do.
Has anyone ever been successful in syncing/matching existing AzureAD Groups with newly created on prem AD groups after turning on Universal Sync? Looking for any sort of help or assistance from anyone.
Thanks,
Jayson

Hi Jayson
Push groups for Office 365 might be what you're looking for, but this request might be better served via a support ticket.
Our environment might be different from yours but with Universal Sync enabled, I have a checkbox below "Universal Sync" where it allows me to select the AD Profile master that we're syncing from. I have that box checked and also in the AD profile master setting, I make sure that the SYNC section for "OUs connected to OKTA" has our AD groups selected. This setup works for us.
But definitely would confirm with Support before anything because the stakes can be high for any issues that may occur.