
Using the Azure AD Connect Tool

I am using the Azure AD Sync tool to get users from local AD to Azure AD. It is syncing all the users that I choose from a group and creating them in Azure AD.

The issue I have is I need the group to be created in Azure AD and the users that are getting synced should be placed in that group. I could not find any option which does that. Can someone please tell me if it's possible using this tool or maybe some other tool?

Thanks

I don't think you can achieve that with AADConnect, but you could create a group in Azure AD when the users are synchronized, and add those users to the group, with PowerShell\Cli\whatever. I might be wrong though, I'm not a big user of AADConnect. You might be able to write a custom sync rule inside FIM\MIM for that (the backbone of Azure AD Connect), but I've never tried that. I'm pretty sure not out of the box though, so you would need to create a custom agent or implement FIM Service (might be mistaken on this though).

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-aadconnectsync-configure-filtering

If you configure "Filter Users and devices" for just sync memberships in this group, it will synchronize only the members of that group to AAD.

Here is a way for you: create another group G2 and add your group G1 into this group. Then in AADConnect, configure it to filter on G2. After synchronization, your G1 will be synchronized to AAD, as well as all members in it. You may need to perform a Full Sync.

The suggestion by @Bifeng Dong - MSFT would work. Also, you could try setting up Dynamic membership for a group in Azure AD - Where members are automatically added to that group based on a condition check (Attribute). While syncing, you could sync the users with some specific logic to differentiate the user groups between synced and in-cloud users.

Here are the references:

Managing groups in Azure Active Directory: (Ctrl+F and search for term "dynamic" to find about dynamic group) https://docs.microsoft.com/en-us/azure/active-directory/active-directory-accessmanagement-manage-groups

Using attributes to create advanced rules: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-accessmanagement-groups-with-advanced-rules

FYI - Dynamic Group is a part of Azure AD Premium License (P1) https://azure.microsoft.com/en-in/pricing/details/active-directory/
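
The PowerShell route mentioned in the first answer, as an added example that is not part of the original thread. It assumes the AzureAD module, an account allowed to manage groups, and that every synced user belongs in the group (as in the question, where only the chosen group's members are synced); the group name and mail nickname are hypothetical.

```powershell
# Added example: requires the AzureAD module and a role that can manage groups.
Import-Module AzureAD
Connect-AzureAD | Out-Null

$groupName = 'Synced-Users'    # hypothetical display name
$nickName  = 'SyncedUsers'     # hypothetical mail nickname

# Reuse the group if it already exists so reruns do not create duplicates.
$group = Get-AzureADGroup -Filter "DisplayName eq '$groupName'" |
    Select-Object -First 1
if (-not $group) {
    $group = New-AzureADGroup -DisplayName $groupName -SecurityEnabled $true `
        -MailEnabled $false -MailNickName $nickName
}

# Accounts created by directory sync have DirSyncEnabled set to $true;
# cloud-only accounts do not, so they are left out.
$synced    = @(Get-AzureADUser -All $true |
    Where-Object { $_.DirSyncEnabled -eq $true })
$syncedIds = @($synced | ForEach-Object { $_.ObjectId })

# Read current membership once, then add only the users that are missing.
$current    = @(Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true)
$currentIds = @($current | ForEach-Object { $_.ObjectId })

foreach ($user in $synced) {
    if ($currentIds -notcontains $user.ObjectId) {
        Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $user.ObjectId
        Write-Output "Added $($user.UserPrincipalName)"
    }
}

# Report members that are not synced users instead of removing them:
# if the group is used to grant access, these entries deserve a manual review.
$current |
    Where-Object { $syncedIds -notcontains $_.ObjectId } |
    Select-Object ObjectId, DisplayName, ObjectType
```

Running it after each sync cycle keeps the group aligned with the synced accounts without the Premium licence that dynamic groups require.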
