
Integrating Office 365 Groups and Microsoft Teams with Active Directory Groups

Updated: Mar 8, 2023

One of the best things about Office 365 is its Groups feature. With Office 365 Groups, your organization can build Microsoft Teams for each of its departments: sales, customer service, marketing, and so on. Your teams can then communicate seamlessly with one another. There’s just one problem, though: because Groups and Teams in Office 365 are “cloud only,” integrating them with your organization’s existing Active Directory groups can be a real challenge.

In the past, if you were managing groups via Active Directory and wanted to enable additional functionality by merging those groups with Office 365 (as an Office 365 Group or Team), you’d run into problems. While it’s always been possible to use Azure AD Connect to sync your Active Directory groups with Azure AD, actually enabling those groups as Office 365 Unified Groups or Microsoft Teams wasn’t possible. Now, all of that’s changed.

Office 365 Groups, Microsoft Teams, and Active Directory Groups

Not long ago, we here at JourneyTEAM were working with a client who already had a long list of well-defined, fully functional Active Directory Groups that were essential to the daily operations of their organization. This company wanted to implement Microsoft Teams, and they had good reason to. But, at the same time, they weren’t exactly thrilled about the idea of trying to re-create and manage a bunch of groups that already existed in Active Directory.

A lot of companies find themselves in this same situation. That’s why JourneyTEAM has come up with a solution that:

● Leverages specific AD groups that already exist

● Automates the transition process: moving your group from the AD environment to Office 365 is as simple as “flagging” that group in your system

● Keeps membership in sync: changes to your AD group are automatically updated in Office 365

How It Works

With the help of our “PowerShell Scripting Genius” (AKA Joe Crandall) here at JourneyTEAM, we’ve put together a PowerShell script which -- in combination with the full functionality of Azure AD Premium -- allows us to do all sorts of tasks on the backend. Here’s what the script does:

● First, it looks at a specific AD Security Group and writes a unique value into each member’s extensionAttributeXX.

● Next, the script looks in Azure AD to determine whether there’s a matching group or team in Office 365. If there isn’t one, the script automatically creates a new Microsoft Teams group using the Dynamic Attribute rule to determine team membership.

● As the Azure AD Connect sync process fires up, it sends the extensionAttributeXX (with the AD Security Group unique ID) to Azure AD, which uses this information to automatically add users to the newly created group.

● If a user is removed from the AD group, their extensionAttributeXX value is updated in Azure AD, which results in their removal from the Office 365 Group.

This may sound complicated, but on the user end everything happens automatically! JourneyTEAM will implement additional scripts during setup to prevent duplicate groups and ensure that everything runs smoothly.
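
The on-premises half of the steps above (stamping members and clearing the value from users who have left), as an added PowerShell example that is not JourneyTEAM's script. The group name `Sales-Team`, the attribute `extensionAttribute10`, and the choice of the group's objectGUID as the unique value are assumptions made for illustration.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not JourneyTEAM's script. Group name, attribute and tag choice are assumptions.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$GroupName = 'Sales-Team',           # assumed "flagged" AD security group
    [string]$Attribute = 'extensionAttribute10'  # assumed attribute; must be synced by Azure AD Connect
)

$group = Get-ADGroup -Identity $GroupName
$tag   = $group.ObjectGUID.Guid   # survives group renames, unlike the group name

# User members, including those who belong through nested groups
$members = @(Get-ADGroupMember -Identity $group -Recursive |
    Where-Object objectClass -eq 'user')
$memberDns = @{}
foreach ($m in $members) { $memberDns[$m.distinguishedName] = $true }

# Step 1: stamp the tag on members that do not carry it yet
foreach ($m in $members) {
    $u = Get-ADUser -Identity $m.distinguishedName -Properties $Attribute
    $current = $u.$Attribute
    if ($current -eq $tag) { continue }
    if ($current) {
        # The attribute is single-valued: do not overwrite another group's tag
        Write-Warning "$($u.SamAccountName): $Attribute already holds '$current', skipped"
        continue
    }
    if ($PSCmdlet.ShouldProcess($u.SamAccountName, "Set $Attribute")) {
        Set-ADUser -Identity $u -Replace @{ $Attribute = $tag }
    }
}

# Step 2: clear the tag from users who carry it but are no longer members
Get-ADUser -LDAPFilter "($Attribute=$tag)" |
    Where-Object { -not $memberDns.ContainsKey($_.DistinguishedName) } |
    ForEach-Object {
        if ($PSCmdlet.ShouldProcess($_.SamAccountName, "Clear $Attribute")) {
            Set-ADUser -Identity $_ -Clear $Attribute
        }
    }

# Dynamic membership rule to set on the matching Office 365 Group in Azure AD
"(user.$Attribute -eq `"$tag`")"
```

Run it with `-WhatIf` first to list the changes without writing them. Because the dynamic rule trusts this attribute, write access to it on user objects is equivalent to the right to change team membership and should be delegated accordingly.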

Contact JourneyTEAM Today

If you’re looking to leverage your existing Active Directory groups in your new Office 365 environment, this is the solution you’ve been waiting for! To learn more about how JourneyTEAM can help your organization succeed, visit our website or call us at 800.439.6456.