AD Connect - Sync groups within groups filtering enabled

Lolo S 1 Reputation point
2022-11-22T07:57:22.007+00:00

Hi,

We would like to sync AD Groups (on premise) to Azure AD. Now, we have AD Connect with Group Filtering enabled.

Ex :
Group Filtering = Group_Filtering (Security Group - Global)
Group to sync = GroupAdToAzure (Security Group - Global)

We added "GroupAdToAzure" as member of "Group_Filtering" to be sure that is synchronized.

We receive an error during the sync. The message is :

Every group requires that the SecurityEnabled attribute have a valid value. This attribute indicates whether the group is a security enabled group. Please set this attribute, and then try again.
Tracking Id: 06b16b21-0b56-4557-a997-94219d21c693
ExtraErrorDetails:

When i check the metaverse, i correctly see that the group contains the "SecurityEnabled = True".

Could you help us ?

Thanks

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,491 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Andy David - MVP 144.8K Reputation points MVP
    2022-11-22T12:00:59.413+00:00

    Group filtering is not supported in production. Instead of trying to troubleshoot this, I would recommend moving to a supported method of attribute filtering:

    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#group-based-filtering

    263091-image.png


  2. Idit Bnaya 0 Reputation points Microsoft Employee
    2024-04-21T18:32:41.3166667+00:00

    I had the same issue and enable the securityEnabled attribute in Adconnect "Azure AD Attribute" solved my issue.
    User's image

    0 comments No comments