Hello Ahmedmohammed,
Thank you for your question and for reaching out.
I can understand you are having some queries regarding Azure AD.
Ans1: Groups - Important points to be aware of when synchronizing groups from Active Directory to Azure AD:
Azure AD Connect excludes built-in security groups from directory synchronization.
Azure AD Connect does not support synchronizing Primary Group memberships to Azure AD.
Azure AD Connect does not support synchronizing Dynamic Distribution Group memberships to Azure AD.
Ans2: Best way to identify the attributes
The default and recommended approach is to keep the default attributes so a full GAL (Global Address List) can be constructed in the cloud and to get all features in Microsoft 365 workloads. In some cases, there are some attributes that your organization does not want synchronized to the cloud since these attributes contain sensitive personal data, like in this example: Smart Card or PIN numbers.
You can use the cloud sync feature of Azure Active Directory (Azure AD) Connect to map attributes between your on-premises user or group objects and the objects in Azure AD. This capability has been added to the cloud sync configuration.
https://learn.microsoft.com/en-us/azure/active-directory/cloud-sync/how-to-attribute-mapping
--------------------------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept as answer--
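
An added example, not part of the original answer: a pre-sync audit that flags the three group cases listed above, so access that depends on those groups on-premises is not assumed to carry over to Azure AD. The sample objects, the domain SID and the `Get-SyncGap` name are constructed for illustration; identifying built-in groups by `isCriticalSystemObject` and dynamic distribution groups by the `msExchDynamicDistributionList` object class is an assumption about how they appear in the directory.

```powershell
# Constructed sample data standing in for an on-premises AD export (not real objects).
# Against a live directory, Get-ADObject / Get-ADUser with -Properties return these fields.
$dom = 'S-1-5-21-1111111111-2222222222-3333333333'   # constructed domain SID
$groups = @(
    [pscustomobject]@{ Name='Domain Admins'; ObjectClass='group'; Sid="$dom-512";  IsCriticalSystemObject=$true }
    [pscustomobject]@{ Name='Contractors';   ObjectClass='group'; Sid="$dom-1105"; IsCriticalSystemObject=$false }
    [pscustomobject]@{ Name='Finance';       ObjectClass='group'; Sid="$dom-1106"; IsCriticalSystemObject=$false }
    [pscustomobject]@{ Name='All-Sales-Dyn'; ObjectClass='msExchDynamicDistributionList'; Sid=$null; IsCriticalSystemObject=$false }
)
$users = @(
    [pscustomobject]@{ Name='alice'; PrimaryGroupID=513 }    # 513 = Domain Users (default)
    [pscustomobject]@{ Name='bob';   PrimaryGroupID=1105 }   # primary group changed to Contractors
)

function Get-SyncGap {
    param([object[]]$Groups, [object[]]$Users)
    foreach ($g in $Groups) {
        # Case 3: dynamic distribution group memberships are not synchronized.
        if ($g.ObjectClass -eq 'msExchDynamicDistributionList') {
            [pscustomobject]@{ Group=$g.Name; Gap='Dynamic distribution group: membership not synchronized'; Affected='' }
            continue
        }
        # Case 1: built-in security groups are excluded from synchronization.
        if ($g.IsCriticalSystemObject) {
            [pscustomobject]@{ Group=$g.Name; Gap='Built-in security group: excluded from sync'; Affected='' }
            continue
        }
        # Case 2: a user's primary group is stored as primaryGroupID (the group's RID),
        # not in the group's member attribute, so that membership is not synchronized.
        $rid = [int]($g.Sid -split '-')[-1]
        $viaPrimary = @($Users | Where-Object PrimaryGroupID -eq $rid)
        if ($viaPrimary.Count -gt 0) {
            [pscustomobject]@{ Group=$g.Name; Gap='Primary group membership: not synchronized'; Affected=($viaPrimary.Name -join ', ') }
        }
    }
}

# Finance has ordinary members only, so it produces no finding.
Get-SyncGap -Groups $groups -Users $users | Format-Table -AutoSize -Wrap
```

With the sample data this reports Domain Admins, Contractors (affected user: bob) and All-Sales-Dyn; any cloud role or policy assignment meant to mirror those groups needs a separate, explicitly managed group.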