Link group to AD Group
Why can't we use our group in Active Directory to create a group in Teams?
Hi everyone, I wanted to check in on this ask because it’s died down since GA, and also because the ask is not totally clear to me.
Right now, we provide a way during the team creation process for you to select an existing Office 365 group. Are you asking to be able to do this same thing, but outside of Teams?
Do let me know!
Lasse Skomsvold commented
We sync local AD to Azure AD. We want to choose a local AD group, where the members of that group become the members of the team.
Lasse Skomsvold commented
What is the status on this?
There will be a lot of management if I have to add all the users in the team. It would be great if I could use AD groups.
Al Linke commented
We see that we can add an AD group to a Team, but it's static, meaning the individual users will be added. But if another user gets added to that AD group tomorrow, this new person will not dynamically be added to the Team. This is pretty basic and what's needed.
John D. Shkolnik commented
We have a ton of AD groups which are locally managed. At the very least, we'd want to add an AD group as a member of a Team rather than maintain membership in multiple places. This is no different than what we do for TFS, VSTS, SharePoint, etc.
I'd especially like to see the AD/AAD groups be available for defining team membership also after the group has already been created. Whenever a user is added to an AD group, he/she would get access to the Team using that group, and whenever a user is removed from the AD group, he/she would lose the access.
When I read this originally and voted for it I was assuming "groups" referred to Security and/or Distribution groups in AD.
As I see it, Microsoft's mission for Office 365 Groups (utilized by Teams) is to decentralize management and give control back to the users to create and manage groups as needed, with limited control and oversight from IT. It is an interesting philosophy and has many implications for IT departments now and for the future.
That said, it would still be nice to utilize dynamic Security and/or Distribution groups for user access control with Teams. It would be incredibly complex if not impossible to create a Team that is a Security/Distribution group and utilize that group's email address and what have you. I'd propose that the Security/Distribution group be used to maintain user access to an existing Team. Users can be added to the Security/Distribution group in AD and automatically gain access to that Team, and users can be removed from a Security/Distribution group in AD and their access to that group will be automatically revoked.
Hi Suphatra, the team user management is wished to allow adding and removing of Active Directory groups. We don't want to create a groups group to be added in the creation process only. It needs to be a maintainable setup where the organization's members' membership in a team can be defined by their e.g. departmental AD group (not groups group!) while externals can be managed as individuals outside AD.
An additional plus would be to allow creating groups of individual externals to have a better structure in the user management. E.g. an external consultancy's staff summarized in one group could be removed from the team in whole once their engagement is over.
Ben Higgins commented
Selecting an existing O365 group is great during creation, but requires new users to be added manually, and old users removed.
Linking membership to an AD group would allow the group membership to manage itself.
Nick Folkmann commented
We currently use Active Directory Sync from our on-premises Active Directory to Office 365. We also use LDAP with many of the applications we have in our environment. It would be great to be able to find those AD security groups in Teams to set what users are part of a team. This would help simplify our access levels across all our platforms. We also use those security groups to apply permissions to our SharePoint Online sites.
I love Office 365, but in today's connected clouds interoperability is key. You have built Office365 based on technology from yesteryear that has yet to adapt to a simple function. Namely, Active Directory. If sharing is caring then Office365 doesn't care. I can't use half of my Office365 apps because I can't share the technology with the people outside my organization because they require an account within my organization. This is an inherited problem with AD. Therefore, SharePoint and OneDrive all have this issue as well. So does Teams, so does... everything in Office365. There's no adding public users based on a simple email address, they have to be a part of my organization or else! Looking at other providers who don't have the inherent issues AD brings with it (like Dropbox, like Asana, like Gmail), the other platforms are open; this one has everything in one place but it's closed off.
C'mon, stop stifling innovation in your apps that are designed to increase innovation. Stop making it so my team has to be employed by me. My team should be anyone I choose, anywhere they are. They need not be behind my walls to contribute.
This is the #1 feature that would sway my organisation from Slack to Teams, as we don't want to create and manage a "team" that contains all the developers in the organisation. If we could have a "team" that is linked to our "software development department" AD group, we could just create channels for every Slack topic/channel we have at the moment.
Edwin Setyanto commented
Or at least allow an Office 365 group to allow nested groups.
William Yin commented
We need the ability to create a "team" with AD groups, otherwise, it will end up creating another "group" which already exists, and we have to maintain members in two separate groups.
Marlo Bell commented
More specifically, I want to add an AD group to a Team (as a member) and people automatically gain and lose access with their AD group membership.