This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 28.000000000000004%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
We are trying to sync a AD Global Security group to Azure AD. We can sync users however, the security group does not show in AzureAD.
The members within the group syncs correctly however can we sync the security group?
We have included the OU in AD Connect configuration.
We have tried & tested the proxyaddress in AD Attribure editor
X500:/0=contoso.com/ou=contoso_Users/cn=_T1
X500:/0=contoso.com/ou=contoso_Users/cn=_T1,SMTP:_T1@contoso.com
SMTP:_Tasks@contoso.com
The AD Connect sync does not throw any errors and successfully completes the sync. We can see the changes in the logs but the security group does not show in Azure AD under groups.
Is it set as the users primary group or a built-in one? If so that is expected.
Otherwise here are the requirements to sync a group:
@Andy David - MVP thank you for your response.
To keep my question simple - is it possible to sync AD Global/Universal Security Groups to Azure AD, as a "group". I understand we can sync the members of Universal Security groups but my query is if we can sync the group as a whole. if so, how?
Do we migrate to a new server?
Or uninstall the current ad connect and install-configure it on the new server.
Most importantly we do not want any changes in the Azure AD, the users already in there must not be affected.
Domain and OU Filtering - 2 OUs "Groups" & "Pulse_Users" under the OU "User Accounts" are selected.
The OU "Pulse_Users" has a security group named "PulseG"
Next - Filter users and devices: current selection is "Synchronize Selected" & the entry is as below "CN=PulseG,OU=Pulse_Users,OU=User Accounts,DC=cn,DC=contoso,DC=com"
and hence only the members of this group is being synced. The group is not synced and ONLY the members.
Do I need to modify this entry or what happens if we select "Synchronize all users and devices"
Do we need to change any settings in the below window.
Do we migrate to a new server?
Or uninstall the current ad connect and install-configure it on the new server.
Most importantly we do not want any changes in the Azure AD, the users already in there must not be affected.
Domain and OU Filtering - 2 OUs "Groups" & "Pulse_Users" under the OU "User Accounts" are selected.
The OU "Pulse_Users" has a security group named "PulseG"
Next - Filter users and devices: current selection is "Synchronize Selected" & the entry is as below "CN=PulseG,OU=Pulse_Users,OU=User Accounts,DC=cn,DC=contoso,DC=com"
and hence only the members of this group is being synced. The group is not synced and ONLY the members.
Do I need to modify this entry or what happens if we select "Synchronize all users and devices"
Do we need to change any settings in the below window.