Link group to AD Group
Why can't we use our group in Active Directory to create a group in Teams?
Hi everyone, I wanted to check in on this ask because it’s died down since GA, and also because the ask is not totally clear to me.
Right now, we provide a way during the team creation process for you to select an existing Office 365 group. Are you asking to be able to do this same thing, but outside of Teams?
Do let me know!
David's comment from 8/5/2020 hits it on the head. I think what we're looking for is dynamic Teams membership based upon on-premises AD group membership.
david green commented
We have on-premise AD security groups based on job roles that control everything a staff member gets across our whole estate, including UEM settings, file system access, the whole nine yards.
When a staff member changes job role, such as moving to another department team, we move them from one security group to the other and everything he (or she) needs changes accordingly.
These groups are visible in Azure AD but cannot be nested in an Office 365 group to change the staff member's team membership to reflect their job role change.
We are just adopting Teams and are finding this a severely limiting situation.
Simon Jackson commented
Active Directory Group (security or distribution group) would need to be fully sync'd using Azure AD Connect - of course. But I see no real reason why this cannot be chosen as a source/ACL for the allocation of Teams/Channels and the assignment of members therein.
Totally agree with Suphatra!
Jason Sturgeon commented
We want to manage team membership by associating an AD security group with a team and manage membership via the AD security group.
No, we want to be able to manage the members of a team by adding/removing people from an AD security group.
I need the same functionality as @Ella. People being a member of an AD-group will be a member of a certain team.
This way you can manage the Teams with AD-memberships. When someone moves within the company they are automatically moved to a different team as well.
Self-management works fine for tech-savvy companies, but a lot of our users barely know how to turn on a computer.
As more need to use the Microsoft Teams Collaboration tool, we need to be able to manage Team membership by referencing an Active Directory group. When would this feature be available? Initially it was supposed to be available 2020 Q1 and now it's moved to 2021.
Can this project be prioritized, as it's a critical piece for managing security for corporations?
How can this still not be a feature in Teams?
Let's make this simple to understand:
1) Access an ON-PREM domain controller and add/remove users from an AD Group
2) The AD Group changes then sync to AzureAD as expected
3) MISSING: Those changes then sync to Teams
Why is #3 missing?? This is a very basic feature and limiting enterprise uptake of teams.
Francis Grace commented
The link above is a current list of resources on the Unity Program that is manually managed. A process to automate/control sync of on-boarding and off-boarding resources with Active Directory would be of value.
Specifically, for the chat contacts, in Skype for Business I could add a group of contacts from Exchange, and if the members in the group changed then it would update my contacts list automatically. In Teams this functionality is missing, I cannot add groups from Exchange, all contacts need to be managed manually.
I do not want each new member of staff to have to manually add all their team's contacts when we have groups already setup for this. Missing this feature is a waste of staff time.
Benjamin Gilardi commented
We would like to manage Team membership by referencing an Active Directory group.
Bill Wesson commented
I would like to dynamically add and remove team members based upon being added or removed from an on-premise AD security group. Without this feature, management wants to explore alternatives to Teams.
The ask here is to be able to create a meeting with an existing group for an on-prem synced group (groups which are created in on-prem AD and then synced to online AD).
I think where the confusion perhaps comes in is with the word "link". The reality here...and this goes for every system that Microsoft ever creates in the post Bill Gates / Steve Ballmer era (as those guys and their legions at the time intrinsically understood this)...is that if you can add or remove a user to something and/or assign permissions to a user, you must be able to do the exact same thing for a group. Everywhere you interact with a user, please provide interaction with an AD group in the same manner.
We don't want syncing, we don't want linking, we don't want importing. We want a group to work just like a user. It has worked this way in the Windows world for eons. We want the same across the board in Azure.
Agree with the general comments and have another take: in Skype, in my contacts, I can create a group and add an AAD group to it. From that point on, that contact group adjusts as the AAD group membership changes. The fact that Teams does not fundamentally see how corporations rely on AD and AAD to manage the organization.
1. Invite users to a team by using an AD group. This works.
2. When I add users to AD group, they are not invited to the team. But I think they should.
We have a bunch of role-based AD groups, and using them with Teams would be a great advantage.
Bogdan Manolache commented
I think I just duplicated this request:
It's fairly straightforward. We manage an on-premise AD and sync to Azure AD. We manage all user permissions with AD groups. Anything other than that quickly becomes unmanageable. So we need to use AD groups to assign rights to teams so that we can have total visibility of a user's rights in the event of audit, account deactivation or change of duties. Specifically too, it should be possible to assign different AD groups different rights in a team, i.e. not a 1:1 relationship between the team and the AD Group.
Seems like such an obvious link to make after adding azuresync.
1:1 synchronisation between an AD security group and a team is a must-have functionality.
One more thing.
I am gonna assume this feature will come in the future :).
So... By the time you implement this feature, please make sure we have the ability to merge teams/groups, as right now we have already created a team consisting of our Active Directory Group (duplicate group in Office User Group).