AD Connect sync does not sync Security Groups

Sunith Philip 0 Reputation points

We are trying to sync a AD Global Security group to Azure AD. We can sync users however, the security group does not show in AzureAD.

The members within the group syncs correctly however can we sync the security group?

We have included the OU in AD Connect configuration.

We have tried & tested the proxyaddress in AD Attribure editor



The AD Connect sync does not throw any errors and successfully completes the sync. We can see the changes in the logs but the security group does not show in Azure AD under groups.

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
16,605 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Andy David - MVP 130.6K Reputation points MVP

    Is it set as the users primary group or a built-in one? If so that is expected.

    Otherwise here are the requirements to sync a group:

    User's image

  2. Sunith Philip 0 Reputation points

    @Andy David - MVP

    1. We have tested the latest version on a test server and noticed all the groups syncing correctly. However, we want to test this on our production and please advise how do we set up ad connect on a new server and configure it to sync only a specific OU that has users and groups. 

    Do we migrate to a new server?

    Or uninstall the current ad connect and install-configure it on the new server.

    Most importantly we do not want any changes in the Azure AD, the users already in there must not be affected.

    1. On the current AD Connect we noticed under AD Connect configuration

    Domain and OU Filtering - 2 OUs "Groups" & "Pulse_Users" under the OU "User Accounts" are selected.

    The OU "Pulse_Users" has a security group named "PulseG"


    Next - Filter users and devices: current selection is "Synchronize Selected" & the entry is as below "CN=PulseG,OU=Pulse_Users,OU=User Accounts,DC=cn,DC=contoso,DC=com"

    and hence only the members of this group is being synced. The group is not synced and ONLY the members.

    Do I need to modify this entry or what happens if we select "Synchronize all users and devices"


    Do we need to change any settings in the below window.


    1. Current AD users and M365 users have 2 different passwords. How can we enable sso for users to have the same password for the domain computer login & M365 account? the M365 has mfa enabled.
    0 comments No comments