AD Connect - Impact on existing users by changing configuration options

IT RLB Dubai 0 Reputation points
2023-09-16T12:03:39.6466667+00:00

Current Scenario - We have AD Connect specifically syncing users in a Universal Security Group in an OU. Only the users in the group within this OU get synced to AAD.

Our aim is to sync all users & groups within this OU. We would like to understand the impact of changing the configuration option in AD Connect.

  1. What happens to users who are within multiple groups?
  2. Will all Global Security Groups sync ONLY as a group, or will both the groups and all their members sync? What if only the group syncs and not its members? What happens to the members syncing from the existing group?

1 answer

  1. Sandeep G-MSFT 18,441 Reputation points Microsoft Employee
    2023-09-18T06:07:46.7933333+00:00

    @IT RLB Dubai

    Thank you for posting your question in Microsoft Q&A.

    As I understand, currently you are syncing only one OU, which is in sync scope, and you have one group which is part of this OU.

    Now you want to sync all users who are part of this OU to Azure.

    Once this configuration is done, users who are part of this OU will get synced to Azure AD. And if you also have groups which are part of this OU, those groups will get synced as well, and by default the users who are part of these groups will become members of the same groups in Azure AD.

    To sync both groups and their members to Azure, you need to put both users and groups in the sync-scoped OU.

    If you do not have users that are part of the sync-scoped OU and you only have groups that are part of the sync-scoped OU, then only the groups will get synced and there will not be any members in them in Azure.

    If you do not have groups that are part of the sync-scoped OU and you only have users that are part of the sync-scoped OU, then only users will get synced to Azure AD.

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

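A read-only pre-change check for the behaviour described in the answer, added here as an example and not part of the original question or answer: it lists every group under the OU and shows which of its direct members sit outside the OU and would therefore not appear as members in Azure AD. The OU distinguished name is a placeholder, and the script assumes scope is decided by OU location alone (whole subtree selected, no group-based or attribute-based filtering).

```powershell
# Added example. Requires the ActiveDirectory module (RSAT). Makes no changes.
Import-Module ActiveDirectory

# Placeholder DN (assumption): replace with the OU selected in AD Connect.
$ScopeOU = 'OU=SyncScope,DC=example,DC=com'
$suffix  = ",$ScopeOU"

# Users and groups under the OU, child OUs included.
$users  = @(Get-ADUser  -Filter * -SearchBase $ScopeOU -SearchScope Subtree)
$groups = @(Get-ADGroup -Filter * -SearchBase $ScopeOU -SearchScope Subtree -Properties member)

$report = foreach ($g in $groups) {
    # Direct members only, read from the group's 'member' attribute (DN strings).
    $members = @($g.member | Where-Object { $_ })

    # A member whose DN is not under the scoped OU is not synced, so the
    # synced group will not list it as a member.
    $outside = @($members | Where-Object {
        -not $_.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)
    })

    [pscustomobject]@{
        Group             = $g.Name
        GroupScope        = $g.GroupScope
        DirectMembers     = $members.Count
        MembersInScope    = $members.Count - $outside.Count
        MembersOutOfScope = $outside -join '; '
    }
}

"Users under OU: $($users.Count)   Groups under OU: $($groups.Count)"
$report | Sort-Object Group | Format-Table -AutoSize -Wrap

# Groups that would sync with no members at all: they have members in AD,
# but none of those members are inside the scoped OU.
$report | Where-Object { $_.DirectMembers -gt 0 -and $_.MembersInScope -eq 0 } |
    Select-Object Group, DirectMembers
```

Users who belong to several groups appear once in the user count; each group row only reports whether that user's DN is inside the OU.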
