Use dynamic AD groups in Teams with DynamicSync
Companies using both Active Directory and Entra ID can use their AD groups strategically in the cloud. The DynamicSync service lets you add the members of AD groups to teams in Microsoft Teams and manage those memberships dynamically. This article explains how it works.
Practical use of on-premises groups in the cloud
Hybrid IT – On-premises and cloud
If you manage your users and permission groups in Active Directory, then you can also use them practically in the cloud (Entra ID). With AAD Connect, Microsoft’s synchronization tool, the user accounts and groups in your Active Directory directory service are synchronized with Entra ID. So far, so good.
With the new DynamicSync synchronization service, you get greater flexibility in managing group memberships in the cloud.
Use DynamicSync to add members of
- synchronized groups, as well as
- M365 and security groups
to other AAD groups (i.e. M365 or security groups).
Advantages of AD groups
Since AD is the leading directory service for user, group and device management in many companies, it makes sense to use this data source in Entra as well.
Ideally, users and groups in Active Directory are well-managed and always up to date. AD groups can therefore serve as the basis for cloud group memberships.
How does this work in practice?
Add AD group members to Teams
Save members of a synchronized AD group as a team
In our practical example, a company wants the members of an AD group to work together as a team in Microsoft Teams.
Specifically, all members of the AD group “Sales” are to be added to a team in Microsoft Teams (“Team Sales”).
As a first step, synchronize the AD group “Sales” with your Entra ID (via AAD Connect).
Now, create a new team in the Microsoft Teams Admin Center or directly in the Microsoft Teams client. When your team is created, you get a new M365 group in Entra at the same time.
Now DynamicSync takes over.
With the DynamicSync service you select a source group (in our example, group “Sales” that was synchronized from AD) and a target group (“Team Sales” = new M365 group).
The members of the source group are shown in the preview.
After saving the operation, DynamicSync synchronizes all members of the “Sales” group into the “Team Sales” team.
After the successful SyncJob, all members of the original AD group “Sales” are members of “Team Sales”.
It is also possible to exclude members of the source group by using an exclusion list. They will be filtered out during synchronization and will not receive membership in the team.
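The following added example (not DynamicSync code and not from the vendor) audits a target team against "source group minus exclusion list", the model described above. The group contents, the function names and the `approved` parameter are constructed assumptions; in practice the member lists would come from an export of the two groups.

```python
# Added illustration: drift audit for a source-group -> target-group sync
# with an exclusion list. All UPNs below are constructed sample data.

def normalize(upns):
    """Compare UPNs case-insensitively and ignore stray whitespace from exports."""
    return {u.strip().lower() for u in upns if u and u.strip()}

def audit_sync(source, target, excluded, approved=()):
    """Compare the target team with 'source minus exclusions'.

    Returns sorted lists:
      expected         - who the sync should place in the team
      missing          - expected members not yet in the team (sync lagging/failed)
      excluded_present - on the exclusion list but still members (access to revoke)
      unmanaged        - members that come from neither the source group nor the
                         'approved' list (hypothetical allowlist, e.g. the team
                         owner); these need an access review
    """
    src, tgt, excl, ok = map(normalize, (source, target, excluded, approved))
    expected = src - excl
    extra = tgt - expected
    return {
        "expected": sorted(expected),
        "missing": sorted(expected - tgt),
        "excluded_present": sorted(extra & excl),
        "unmanaged": sorted(extra - excl - ok),
    }

# Constructed sample: AD group "Sales" and the M365 group behind "Team Sales".
SALES_AD = ["Anna.Meier@example.com", "ben.koch@example.com",
            "carla.roth@example.com", "dev.intern@example.com"]
TEAM_SALES = ["anna.meier@example.com", "dev.intern@example.com",
              "guest.vendor@example.net", "team.owner@example.com"]
EXCLUDED = ["dev.intern@example.com"]
APPROVED = ["team.owner@example.com"]

if __name__ == "__main__":
    for finding, users in audit_sync(SALES_AD, TEAM_SALES, EXCLUDED, APPROVED).items():
        print(f"{finding}: {users}")
```

An empty `missing`, `excluded_present` and `unmanaged` result means the team matches the source group and its exclusion list exactly.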
Dynamic update of group members
A major benefit of DynamicSync is the dynamic updating of all group members. Through scheduled synchronization of AAD groups, group memberships are updated continuously at regular intervals.
The exclusion lists remain in place during synchronization, so manual changes are no longer necessary.
Organizations that want to use AD groups as the basis for groups in the cloud have the task of continuously maintaining their groups in Active Directory and pushing them to the cloud via AAD Connect. Of course, IT administrators benefit from managing group memberships in just one database. It reduces the workload and saves time.
Further advantages of DynamicSync
Besides the clear and fast synchronization of AAD groups, DynamicSync offers further advantages.
You can add members of a team to additional M365 and security groups through which you control various permissions, such as:
- Teams access
- file storage in SharePoint
- license assignments
- mobile apps
Due to automatic scheduling, the synchronization processes run at regular intervals.
Of course, administrators can also create dynamic groups in Microsoft Teams. However, this has the effect that team owners can no longer edit the team (add or remove members).
With DynamicSync, this option remains: Owners of a team retain the ability to continue editing members of their dynamic team.
In addition, DynamicSync is a more affordable alternative to the costly Azure P1 and P2 licenses.
Dynamic groups in Entra ID – Find out more
In addition to the free online demo, our friendly staff is also available to talk by phone. Take advantage of our experience and call us at
+49 89 215 442 40.
About First Attribute
FirstAttribute AG is an independent, German cloud service and software company with a focus on Identity & Access Management (IAM) for AD and M365.
Since its foundation in 2001, FirstAttribute has successfully supported many well-known medium-sized and large companies in Germany and internationally.
Contact us for questions about dynamic groups in AD and AAD, as well as questions about Identity & Authorization Management and M365/Microsoft Teams.