I'm looking to understand how we can identify and then manage migrating on-prem AD security groups to Azure AD. There are 2 particular processes where I'm trying to understand the how-tos:
1) How do I remediate this migration process for users, i.e. is it as simple as deleting old groups created on-prem and synced to the cloud and then creating a new cloud-only group on Azure? This process needs to minimize disruption to users of resources.
2) What is the best way to identify the attributes that AD Connect uses to determine if an on-prem AD security group should be synced to the cloud or not?
Hello @ahmed mohammed
Try to check the following links below for this concern:
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/whatis-hybrid-identity
Cheers,
Hello Ahmedmohammed,
Thank you for your question and reaching out.
I can understand you are having some queries regarding Azure AD.
Ans1 : Groups - Important points to be aware of when synchronizing groups from Active Directory to Azure AD:
Azure AD Connect excludes built-in security groups from directory synchronization.
Azure AD Connect does not support synchronizing Primary Group memberships to Azure AD.
Azure AD Connect does not support synchronizing Dynamic Distribution Group memberships to Azure AD.
Ans2 : Best way to identify the attributes
The default and recommended approach is to keep the default attributes so a full GAL (Global Address List) can be constructed in the cloud and to get all features in Microsoft 365 workloads. In some cases, there are some attributes that your organization does not want synchronized to the cloud since these attributes contain sensitive personal data, like in this example: Smart Card or PIN numbers.
You can use the cloud sync feature of Azure Active Directory (Azure AD) Connect to map attributes between your on-premises user or group objects and the objects in Azure AD. This capability has been added to the cloud sync configuration.
https://learn.microsoft.com/en-us/azure/active-directory/cloud-sync/how-to-attribute-mapping
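An added example, not part of the answers above and not Microsoft's code: a pre-migration check that flags groups the answer says Azure AD Connect will not sync and counts primary-group memberships that will be missing in Azure AD. The sample objects are constructed, `Get-GroupSyncAssessment` is a hypothetical helper name, and the `isCriticalSystemObject` test for built-in groups and the mail requirement for distribution groups are assumptions about the default sync rules.

```powershell
# Added example. All sample objects below are constructed. With the ActiveDirectory
# module, objects of the same shape come from:
#   Get-ADGroup -Filter * -Properties isCriticalSystemObject, mail, primaryGroupToken
#   Get-ADUser  -Filter * -Properties primaryGroupID
$groups = @(
    [pscustomobject]@{ Name = 'Domain Users';   GroupCategory = 'Security';     isCriticalSystemObject = $true; mail = $null; primaryGroupToken = 513 }
    [pscustomobject]@{ Name = 'Finance-RW';     GroupCategory = 'Security';     isCriticalSystemObject = $null; mail = $null; primaryGroupToken = 1601 }
    [pscustomobject]@{ Name = 'Kiosk-Accounts'; GroupCategory = 'Security';     isCriticalSystemObject = $null; mail = $null; primaryGroupToken = 1602 }
    [pscustomobject]@{ Name = 'Old-DL';         GroupCategory = 'Distribution'; isCriticalSystemObject = $null; mail = $null; primaryGroupToken = 1603 }
)
$users = @(
    [pscustomobject]@{ SamAccountName = 'alice';  primaryGroupID = 513 }
    [pscustomobject]@{ SamAccountName = 'kiosk1'; primaryGroupID = 1602 }
    [pscustomobject]@{ SamAccountName = 'kiosk2'; primaryGroupID = 1602 }
)

# Hypothetical helper: one assessment row per group.
function Get-GroupSyncAssessment {
    param(
        [Parameter(Mandatory)] [object[]] $Groups,
        [Parameter(Mandatory)] [object[]] $Users
    )
    foreach ($g in $Groups) {
        $reasons = @()
        # Assumption: built-in groups are recognised by isCriticalSystemObject being set.
        if ($g.isCriticalSystemObject) { $reasons += 'built-in group' }
        # Assumption: default rules skip distribution groups that are not mail-enabled.
        if ("$($g.GroupCategory)" -eq 'Distribution' -and -not $g.mail) {
            $reasons += 'distribution group without mail'
        }
        # Users who hold this group as their primary group are not in its member
        # attribute, so that membership is not synchronized to Azure AD.
        $primary = @($Users | Where-Object { $_.primaryGroupID -eq $g.primaryGroupToken })

        [pscustomobject]@{
            Name                   = $g.Name
            SyncedByDefault        = ($reasons.Count -eq 0)
            ExcludedBecause        = ($reasons -join '; ')
            PrimaryMembersNotInAAD = $primary.Count
        }
    }
}

Get-GroupSyncAssessment -Groups $groups -Users $users | Format-Table -AutoSize
```

A group that reports `SyncedByDefault` as true but a non-zero `PrimaryMembersNotInAAD` will appear in Azure AD without those members, so access granted through it should be reviewed before the on-prem group is retired.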