Share via

Using security groups with Office 365 and Sharepoint

Anonymous
2017-04-07T10:39:36+00:00

Hi

I’m having trouble using security groups with Office 365 and Sharepoint.

Creating a new security group in O365 Admin centre works fine and I can add members to the new group.

Moving to Sharepoint, the new group does not show up as a sharing option on any object neither does it show to be added to an existing SP group, i.e. Team Site Members.

Security groups created in the past, months ago, do show up and can be added to Sharepoint objects and SP groups. But new users added to these existing groups do not gain the rights of the groups.

This may be time related, on at least one occasion a user added to an existing group eventually gained the right of that group 48 hours later.

Is this behaviour correct? Or is there a way for forcing an immediate update of O365 groups in Sharepoint?

Thanks

Peter

Microsoft 365 and Office | Subscription, account, billing | For home | Windows

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

Answer accepted by question author

  1. Anonymous
    2017-04-22T10:01:14+00:00

    Hi Peter,

    Please check the article below, it explains the process the which a security group goes as well (besides other stuff like user properties), when synced from the Azure Active Directory.

    Information about user profile synchronization in SharePoint Online

    “SharePoint Online uses the Active Directory Import timer job (AD Import) to import users and groups into the User Profile Application. AD Import syncs changes from the SharePoint Online (SPO) Directory Store to the User Profile Application.”

    And the A1 regarding the Q1 under FAQs specifically:

    “The Service Level Agreement (SLA) states that a change to a user in the SPO Directory will be reflected in the User Profile Application in 24 hours. This is the maximum period of time under ordinary conditions that we would expect a change to take to sync to the User Profile Application.”

    This part says that it might take 24h only for the AD Import to SPO UPA to sync. Before this we need to have the Azure AD to SPO Directory sync as well. Also, since Office 365 and SharePoint Online is a multi-tenant software as a service, the process depends as well on the server load, timer jobs and especially on what you are syncing (how many users in groups, how many site collections and so on), which might take more time as well for the synchronization.

    If all your groups take more than 48 hours to sync, we would need the following information to troubleshoot:

    1. Create a new security group with one user and see how long it takes to be appeared when sharing items in SharePoint Online.
    2. Create a new security group without any users and see how long it takes to be appeared when sharing items in SharePoint Online.

    If they both take more than 48 hour to sync to SharePoint Online, please provide these group names to us. To protect your privacy, I have sent you a private message to collect the information. You can check the PM via the link below:

    https://answers.microsoft.com/en-us/privatemessages/list

    Regards,

    Spike

    Was this answer helpful?

    1 person found this answer helpful.
    0 comments

6 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2017-04-12T10:00:43+00:00

    Hi Peter,

    Thanks for your information.

    Glad to know the group created on 7/Arp/17 is now available in Sharepiont, and users added also active now. If the group created on 8/Apr/17 or another new created group still shows up latency, please share the permission screenshot with us.

    Meanwhile, I would like to confirm your tenant information. To protect your privacy, I have sent you a private message (PM) to collect them. You can check the PM via the link below:

    https://answers.microsoft.com/en-us/privatemessages/list

    Regards,

    Linda

    Was this answer helpful?

    0 comments
  2. Anonymous
    2017-04-10T10:45:39+00:00

    HI Linda

    Thanks for your response.

    1. Yes the group is a security group
    2. Sharepoint Admin Centre > User Profiles > Manage User Permissions > everyone except external user > Add. All boxes under Permissions were checked already. OK selected anyway.

    B.1) Created new group. This was listed in Admin > Groups immediately

    B.2) Able to add users to this new group immediately. User correctly shows as a member under Admin > Group > Show users.

    Regarding our questions:

    1. To clarify, that was an existing user added to as a new member to an existing group. In this case the user was added to a group S_V…., granting access to specific assets. As noted bellow this took 1-2 days to become active.
    2. Permissions for the group created on 7/Apr/17:

    Permissions for the new group created to day 10/Apr/17 not available as the group is not seen in Sharepoint.

    1. It is now the case that both new users and groups that do not appear in Sharepint options for a considerable time (2 – 3 days !)
    2. No the newly created group do not show up for sharing.

    It seems that changes are just taking a long time to propagate from Office Admin to Sharepoint. The new group created on 7/Arp/17 is now available in Sharepiontl, but wasn’t 8/Apr/17 which would indicate a delay between 1-2 days. The user added to an existing group also became active around the same time.

    Regards

    Peter

    Was this answer helpful?

    0 comments
  3. Anonymous
    2017-04-08T16:21:25+00:00

    Hi Peter,

    Any updates?

    Regards,

    Linda

    Was this answer helpful?

    0 comments
  4. Anonymous
    2017-04-07T13:35:27+00:00

    Hi Peter,

    First, we can use security groups to control permissions for our site by adding security groups to sharepoint groups and granting permissions to the sharepoint groups. We cannot add distribution groups to SharePoint group. So make sure the group is not a distribute group.

    For more details. please refer to the article: https://technet.microsoft.com/en-us/library/cc261972.aspx.

    Meanwhile, please navigate to SharePoint Admin Center > User profiles > Manage User Permission > type in everyone except external user> check names > Add > make sure each box is picked under Permissions > OK. Then you can create a new group to test it again. It may need some time to take effect.

    If the issue persists, I would like to confirm the following information to clarify your situation:

    1. Regarding "new users added to these existing groups do not gain the rights of the groups.", please capture a screenshot of the new user's permission to us.
    2. A screenshot of the group's permission. To check the user or group permission, please go to the top level site and click the settings icon like a gear > site settings > users and permissions> site permissions > check permission > type the user account or the group into the box > check now.
    3. Do all new created users and groups have the same issue or just security groups?
    4. If you type in a new created account when sharing, will it show up?

    Regards,

    Linda

    Was this answer helpful?

    0 comments