Azure AD Sync - Device Groups Not Syncing Members

Travis Rabe 6 Reputation points
2021-06-09T16:19:27.44+00:00

I have set up some device groups and have some other well established device groups and have just noticed that groups containing devices are not syncing correctly to Azure. The groups themselves sync, but members of the groups, if there are device groups, do not.

For example:

  • I have a Security Group in AD called "CorpComputers"
  • One of the members of that group is "CorpComputerA"

Both the Group and the machine can be found in Azure, but the machine cannot be found as a member of that group in Azure.

I've tried changing the group to a "universal" group to see if that would make a difference, but it had no impact. What am I missing?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2021-06-09T22:56:22.69+00:00

    Azure AD Connect does not support synchronizing Primary Group memberships to Azure AD. You may need to change the Primary Group.

    Azure AD Connect does not support synchronizing Dynamic Distribution Group memberships to Azure AD.

    Nested groups also aren't supported.

    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/concept-azure-ad-connect-sync-user-and-contacts

    https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/exclude-user-primary-group

    2 people found this answer helpful.
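
A read-only check for two of the conditions named in the answer above (membership held only through the primary group, and nested groups), added here as an example and not part of the original thread. It assumes the ActiveDirectory RSAT module is installed and uses the group name from the question; the variable names are illustrative.

```powershell
# Added example: read-only queries, requires the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

$groupName = 'CorpComputers'   # group name taken from the question

# 'member' holds the direct members; accounts that have this group as their
# primary group are NOT stored in this attribute.
$group = Get-ADGroup -Identity $groupName -Properties member

# primaryGroupID stores the RID, i.e. the last component of the group's SID.
$rid = $group.SID.Value.Split('-')[-1]

# Check 1: accounts (users or computers) whose membership exists only
# because this group is their primary group.
$viaPrimary = @(Get-ADObject -LDAPFilter "(primaryGroupID=$rid)")

# Resolve every direct member once so its object class can be inspected.
$members = @($group.member | ForEach-Object { Get-ADObject -Identity $_ })

# Check 2: direct members that are themselves groups (nesting).
$nested = @($members | Where-Object { $_.ObjectClass -eq 'group' })

# Direct computer members, for comparison with what appears in Azure AD.
$computers = @($members | Where-Object { $_.ObjectClass -eq 'computer' })

"Group: $($group.DistinguishedName)"
"Direct computer members: $($computers.Count)"
$computers | Select-Object Name, DistinguishedName

"Members held only via primaryGroupID (RID $rid): $($viaPrimary.Count)"
$viaPrimary | Select-Object Name, ObjectClass, DistinguishedName

"Nested groups among direct members: $($nested.Count)"
$nested | Select-Object Name, DistinguishedName
```

If both the primary-group and nested-group lists come back empty, neither of those two conditions applies to this group.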
