Link group to AD Group
Why we cannot use our group in Active Directory to create group in Teams?
Veronique
shared this idea
Hi everyone, I wanted to check in on this ask because it’s died down since GA, and also because the ask is not totally clear to me.
Right now, we provide a way during the team creation process for you to select an existing Office 365 group. Are you asking to be able to do this same thing, but outside of Teams?
Do let me know!
Sincerely,
Suphatra
50 comments
-
Anonymous
commented
yes, please, we so need this!
-
Anonymous
commented
David's comment from 8/5/2020 hits it on the head. I think what we're looking for is dynamic Teams membership based upon on-premises AD group membership.
-
david green
commented
We have on premise AD security groups based on job roles that control everything a staff member gets across our whole estate including UEM settings, file system access the whole nine yards.
When a staff member changes job role such as move to another department team we move them from one security group to the other and everything he (or she) needs changes accordingly.
these groups are visible in Azure AD but cannot be nested in an Office 365 group to change the staff members team membership to reflect their job role change.
We are just adopting Teams and are finding this a severely limiting situation. -
Simon Jackson
commented
Active Directory Group (security or distribution group) would need to be fully sync'd using Azure AD Connect - of course. But I see no real reason why this cannot be chosen as a source/ACL for the allocation of Teams/Chanels and the assignment of members there-in.
Totally agree with Suphatra!
-
Jason Sturgeon
commented
We want to manage team membership by associating an AD security group with a team and manage membership via the AD security group.
-
Jay
commented
no, we want to be able to manage the members of a team by adding/removing people from an AD security group
-
Anonymous
commented
I need the same functionality as @Ella. People being a member of an AD-group will be a member of a certain team.
This way you can manage the Teams with AD-memeberships. When someone moves within the company they are automatically moved to a different team as well.
self management works fine for tech-savy companies, but a lot of our users barely know how to turn on a computer. -
Ella
commented
As more need to use the Microsoft Teams Collaboration tool, we need to be able to manage Team membership by referencing an Active Directory groups. When would this feature be available? Initially it was supposed to be available 2020 Q1 and now it's moved to 2021.
Can this project be prioritize as it's critical piece for managing security for corporations.
Thank you -
Dave
commented
How can this still not be a feature in Teams?
Lets make this simple to understand:1) Access an ON-PREM domain controller and add/remove users from a AD Group
2) The AD Group changes then sync to AzureAD as expected
3) MISSING: Those changes then sync to TeamsWhy is #3 missing?? This is a very basic feature and limiting enterprise uptake of teams.
-
Francis Grace
commented
https://fisglobal.sharepoint.com/sites/Unity/Lists/Unity%20Resource%20List/AllItems.aspx
The link above is a current list of resources on the Unity Program that is manually managed. A process to automate/control sync of on-boarding and off-boarding resources with Active Directory would be of value. -
Daniel
commented
Specifically, for the chat contacts, in Skype for Business I could add a group of contacts from Exchange, and if the members in the group changed then it would update my contacts list automatically. In Teams this functionality is missing, I cannot add groups from Exchange, all contacts need to be managed manually.
I do not want each new member of staff to have to manually add all their team's contacts when we have groups already setup for this. Missing this feature is a waste of staff time.
-
Benjamin Gilardi
commented
We would like to manage Team membership by referencing an Active Directory group.
-
Bill Wesson
commented
I would like to dynamically add and remove team members based upon being added or removed from an on-premise AD security group. Without this feature, management wants to explore alternatives to Teams.
-
mvinay
commented
Ask here is to be able to create meeting with existing group for Onprem synced group (Groups which are created onprem ad and then synced to online AD)
-
Anonymous
commented
I think where the confusion perhaps comes in is with the word "link". The reality here...and this goes for every system that Microsoft ever creates in the post Bill Gates / Steve Balmer era (as those guys and their legions at the time intrinsically understood this)...is that if you can add or remove a user to something and/or assign permissions to a users, you must be able to do the exact same thing for a group. Everywhere you interact with a user, please provide interaction with an AD group in the same manner.
We don't want syncing, we don't want linking, we don't want importing. We want a group to work just like a user. It has work this way in the Windows world for eons. We want the same across the board in Azure.
-
Anonymous
commented
Agree with the general comments and have another take: in Skype, in my contacts, I can create a group and add an AAD group to it. From that point on, that contact group adjusts as the AAD group membership changes. The fact that Teams does not fundamentally see how corporations rely on AD and AAD to manage the organization.
-
Anonymous
commented
1. Invite users to a team by using an AD group. This works.
2. When I add users to AD group, they are not invited to the team. But I think they should.We have a bunch of role-based AD groups, and using them with Teams would be a great advantage.
-
Bogdan Manolache
commented
I think I just duplicated this request:
https://microsoftteams.uservoice.com/forums/555103-public/suggestions/35964481-sync-teams-and-office-365-groups-with-email-distri -
Anonymous
commented
It's fairly straight forward. We manage an on premise AD and sync to Azure AD. We manage all user permissions with AD groups. Anything other than that quickly becomes unmanageable. So we need to use AD groups to assign rights to teams so that we can have total visiblity of a users's rights in the event of audit, account deactivation or change of duties. Specifically too, it should be possible to assign different AD groups different rights in a team, ie not a 1:1 relationship between the team and the AD Group.
-
Anonymous
commented
Seems like such an obvious link to make after adding azuresync.
1 :1 synchronisation between ad security group and a team is a must have functionality