AD Connect - Sync groups within groups filtering enabled

Lolo S 1 Reputation point


We would like to sync AD Groups (on premise) to Azure AD. Now, we have AD Connect with Group Filtering enabled.

Ex :
Group Filtering = Group_Filtering (Security Group - Global)
Group to sync = GroupAdToAzure (Security Group - Global)

We added "GroupAdToAzure" as member of "Group_Filtering" to be sure that is synchronized.

We receive an error during the sync. The message is :

Every group requires that the SecurityEnabled attribute have a valid value. This attribute indicates whether the group is a security enabled group. Please set this attribute, and then try again.
Tracking Id: 06b16b21-0b56-4557-a997-94219d21c693

When i check the metaverse, i correctly see that the group contains the "SecurityEnabled = True".

Could you help us ?


Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,491 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Andy David - MVP 144.8K Reputation points MVP

    Group filtering is not supported in production. Instead of trying to troubleshoot this, I would recommend moving to a supported method of attribute filtering:


  2. Idit Bnaya 0 Reputation points Microsoft Employee

    I had the same issue and enable the securityEnabled attribute in Adconnect "Azure AD Attribute" solved my issue.
    User's image

    0 comments No comments