Link group to AD Group
Why can't we use our group in Active Directory to create a group in Teams?
Hi everyone, I wanted to check in on this ask because it’s died down since GA, and also because the ask is not totally clear to me.
Right now, we provide a way during the team creation process for you to select an existing Office 365 group. Are you asking to be able to do this same thing, but outside of Teams?
Do let me know!
Bill Wesson commented
I would like to dynamically add and remove team members based upon being added or removed from an on-premise AD security group. Without this feature, management wants to explore alternatives to Teams.
The ask here is to be able to create a meeting with an existing group for on-prem synced groups (groups which are created in on-prem AD and then synced to online AD).
I think where the confusion perhaps comes in is with the word "link". The reality here...and this goes for every system that Microsoft ever creates in the post Bill Gates / Steve Ballmer era (as those guys and their legions at the time intrinsically understood this)...is that if you can add or remove a user to something and/or assign permissions to a user, you must be able to do the exact same thing for a group. Everywhere you interact with a user, please provide interaction with an AD group in the same manner.
We don't want syncing, we don't want linking, we don't want importing. We want a group to work just like a user. It has worked this way in the Windows world for eons. We want the same across the board in Azure.
Agree with the general comments and have another take: in Skype, in my contacts, I can create a group and add an AAD group to it. From that point on, that contact group adjusts as the AAD group membership changes. The fact that Teams does not fundamentally see how corporations rely on AD and AAD to manage the organization.
1. Invite users to a team by using an AD group. This works.
2. When I add users to AD group, they are not invited to the team. But I think they should.
We have a bunch of role-based AD groups, and using them with Teams would be a great advantage.
Bogdan Manolache commented
I think I just duplicated this request:
It's fairly straightforward. We manage an on premise AD and sync to Azure AD. We manage all user permissions with AD groups. Anything other than that quickly becomes unmanageable. So we need to use AD groups to assign rights to teams so that we can have total visibility of a user's rights in the event of audit, account deactivation or change of duties. Specifically too, it should be possible to assign different AD groups different rights in a team, i.e. not a 1:1 relationship between the team and the AD Group.
Seems like such an obvious link to make after adding azuresync.
1:1 synchronisation between an AD security group and a team is a must-have functionality.
One more thing.
I am gonna assume this feature will come in the future :).
So.. By the time you implement this feature, please make sure we have the ability to merge teams/groups. As right now we have already created a team consisting of our Active Directory group (a duplicate group in Office User Group).
This is regarding having Active Directory Group, as a default created group on Teams.
As you may know, being in an MS environment with Active Directory, we set people into groups (which are essentially departments in my organization).
This will be a perfect group to start Teams with, instead of creating new group.
Well, of course we still need all the functionality of current Teams creation, but having a button with a function to create a group based on Active Directory would make our life easier.
After all if we see from Office Portal, the teams we created on Teams shows up as a group, along with groups from Active Directory.
John Berlo commented
This is a definite need for us as well. Being a hybrid environment, we need to maintain AD groups. Going through a process to add new team members to both an AD group and a team would be quite a burden and take a portion of an FTE.
I will add my voice to this thread, as this is a very basic idea that should have been implemented from the start. Please allow the use of AD groups to add members to a TEAM!!
We have location-based on-premise security groups (i.e. TorontoStaff, RedmondStaff, etc.). These get automatically populated by the HR system and sync to AAD using AAD Connect. We don't have on-premise Exchange, so group write-back is not an option.
We are noticing stale groups and also users are hesitant to be the owner of a group because they would need to manage membership.
If O365 groups/teams could auto sync with on-premise managed groups, it would definitely increase the adoption of O365 Teams. It can be a simple interface that would allow group owners to list groups that they want to sync from.
Joel Pfund commented
I'd like to use AD groups to manage access to Teams! Would be a great feature!!
Still waiting for this essential feature.
I would also like to have the functionality to use AD groups for Office 365 Teams without having to use Office 365 Groups....
This would take the product to a new level. We currently have to manage two sets of groups, AD and O365 groups.
Jeremy Good commented
Please add the ability to link AD groups to a team/group. Thanks!
Julie Peck commented
We would also like this functionality. We have AD Security groups for each project we run which gives the members access to the project's data in on-premise systems.
We would like to use Teams to enable the project teams to collaborate. To ensure consistent project team membership we would like to synchronise Office 365 Group membership changes with AD Security group changes so that if you are a member of a project, then you have access to all systems that the project uses.
We have a great on-premises AD group structure. Each role within a team is a group and all the role groups are members of a role group that represents the whole team. For example:
role_HRTeam_member <-this group represents the whole HR team and contains the following
email@example.com < this guy is 'just a member' of the team; one day he might get a promotion and be moved into '_manager'.
Capabilities are assigned (printers, shared folders, distribution groups, etc) to the 'top level' group (role_HRTeam_Members). E.g.
acl_HRFolders_FullControl contains role_HRTeam_Members and is used to grant access to the shared HR Folders on servers
prn_HRHPLJ4100_fullcontrol contains role_HRTeam_Members and is used to grant access to the HP LJ4100 in the HR Office
sw_HRSoftware contains role_HRTeam_Members and is used by SCCM and AD to assign software and settings to the correct group of people.
There are also separate Managers and Admins distribution groups that respectively contain all _managers and _admin groups.
As team members change, we modify one group and all the necessary changes cascade thanks to our nested group structure.
So what we need is to be able to make any of our (sync'ed) AD groups the foundation for the groups that drive Teams, and have AzureAD keep the memberships in sync with the group from.
Following the example above we want there to be an HR 'Team' and set its membership to keep in sync with role_HRTeam_Members.
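Added example (not part of the thread, and not Microsoft or project code): the nested role-group design described in the last comment implies that a team roster should equal the transitive membership of the top-level group, so an audit can expand the nesting and diff it against the roster. The child group names, user names and roster below are constructed; only role_HRTeam_Members comes from the comment.

```python
from collections import deque

# Constructed snapshot: group -> direct members (users or nested groups).
# Child group names and all user names are assumptions for illustration.
GROUPS = {
    "role_HRTeam_Members": ["role_HRTeam_manager", "role_HRTeam_admin",
                            "role_HRTeam_staff"],
    "role_HRTeam_manager": ["alice"],
    "role_HRTeam_admin": ["bob", "role_HRTeam_Members"],  # accidental cycle
    "role_HRTeam_staff": ["carol", "dave"],
}
TEAM_ROSTER = ["alice", "carol", "erin"]  # constructed current team members


def effective_members(groups, root):
    """Users reachable from root through any depth of nesting."""
    if root not in groups:
        # Fail loudly: an empty result here would read as "remove everyone".
        raise KeyError(f"unknown group: {root}")
    users, seen, queue = set(), {root}, deque([root])
    while queue:
        for member in groups[queue.popleft()]:
            if member not in groups:
                users.add(member)          # leaf entry, treated as a user
            elif member not in seen:       # nested group not yet expanded
                seen.add(member)
                queue.append(member)
    return users


def reconcile(groups, root, roster):
    """Changes needed to make roster match the group's effective members."""
    expected, current = effective_members(groups, root), set(roster)
    return {"add": sorted(expected - current),
            "remove": sorted(current - expected)}


if __name__ == "__main__":
    print(reconcile(GROUPS, "role_HRTeam_Members", TEAM_ROSTER))
```

The "remove" list is the audit-relevant half: it names accounts that still hold team access after leaving every role group.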