How can I synchronize Active Directory groups into Office 365?

This FAQ was last modified on: Friday, June 1, 2018 09:53am

Departments can create groups in the Georgia Tech Active Directory (AD) that will be synchronized into Office 365 if they meet the following requirements:

  • They must be located in the "Office365" sub-OU found under the "Groups" OU for your department. 
  • The group name must begin with the departmental OU prefix (the name of the OU 2 levels up) followed by a hyphen. Do not include the leading underscore if your department's prefix has one. (Example 1: Department "GT" would use "GT-". Example 2: Department "_ATL" would use "ATL-".)
  • The group name cannot contain a space.
  • The group may have users and other groups as its members, but only objects already provisioned in Office 365 will show up as members of the group when it is synchronized into Office 365. Your group must have at least one member that is in Office 365 to sync.

An automated process takes groups that meet the requirements above and creates/updates a target group with the following characteristics:

  • Same name, but the sAMAccountName will have the prefix "cloud-" added.
  • Updated membership. Any nested groups will be "flattened" by recursively enumerating their membership.

The target group will then be synchronized with Office 365 as a normal security group as part of the normal directory synchronization process. Please note that these groups should be used for permissions/delegated access and are not to be used as distribution groups. Any issues introduced by using them for distribution are taken on by the sender. Properly configured groups may take 2-3 hours to fully sync from AD into Office 365.
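
The following is an added example, not the code of the automated process: it models the requirements and the flattening step described above on constructed data, so you can preview which accounts would receive any permission granted to the target group. The DN layout, the `DC=example,DC=edu` suffix, the sample accounts and the function names are assumptions.

```python
# Added illustration on constructed data; not the automated process's own code.
# Assumed DN layout: CN=<group>,OU=Office365,OU=Groups,OU=<department>,...

def check_group(dn):
    """Return rule violations for a group DN (empty list means eligible)."""
    parts = [p.split("=", 1) for p in dn.split(",")]  # assumes no escaped commas
    kinds = [k.upper() for k, _ in parts]
    values = [v for _, v in parts]
    if kinds[:4] != ["CN", "OU", "OU", "OU"] or values[1:3] != ["Office365", "Groups"]:
        return ["not in the Office365 sub-OU under the department's Groups OU"]
    name, dept = values[0], values[3]
    prefix = (dept[1:] if dept.startswith("_") else dept) + "-"  # "_ATL" -> "ATL-"
    problems = []
    if not name.startswith(prefix):
        problems.append(f"name must start with {prefix}")
    if " " in name:
        problems.append("name contains a space")
    return problems

def flatten(group, members_of, seen=None):
    """Recursively enumerate user members; 'seen' stops nesting loops."""
    seen = {group} if seen is None else seen
    users = set()
    for member in members_of.get(group, ()):
        if member not in members_of:      # not a group: treat as a user
            users.add(member)
        elif member not in seen:
            seen.add(member)
            users |= flatten(member, members_of, seen)
    return users

def plan_target(dn, members_of, in_o365):
    """Describe the target group the rules would produce, or why none is made."""
    problems = check_group(dn)
    name = dn.split(",")[0].split("=", 1)[1]
    visible = sorted(flatten(name, members_of) & in_o365)
    if not problems and not visible:
        problems.append("no member is provisioned in Office 365")
    if problems:
        return {"sync": False, "problems": problems}
    # Assumes the source sAMAccountName equals the group name.
    return {"sync": True, "sAMAccountName": "cloud-" + name, "members": visible}

# Constructed sample directory: nested group with a loop and one non-O365 account.
MEMBERS = {"GT-Finance": ["alice", "GT-Auditors", "svc-print"],
           "GT-Auditors": ["bob", "GT-Finance"]}
IN_O365 = {"alice", "bob"}
DN = "CN=GT-Finance,OU=Office365,OU=Groups,OU=GT,DC=example,DC=edu"

if __name__ == "__main__":
    print(plan_target(DN, MEMBERS, IN_O365))
```

In the sample, "bob" ends up in the target group only through the nested "GT-Auditors" group, which is the effect to review before using a nested group for delegated access.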