× Welcome to the Centrify Community! We are rolling out product name changes — click here to learn more.

AD group is not synced to O365

Showing results for 
Search instead for 
Do you mean 
Reply
Participant III
Posts: 40
Registered: ‎04-06-2016
#1 of 6 2,150

AD group is not synced to O365

Hello Centrify experts,

  

We use AD groups to provide O365 licenses to our users. I mean that in Centrify Admin Portal – Roles – Office 365 – Members page I put an AD group, not individual users. It usually works fine but yesterday I got strange issue with this. Some users were unable to login to their O365 apps. O365 portal shows those users as ‘unlicensed’… Looks like AD group is not synced to O365 anymore. I have quickly fixed it by manually adding individual users to Centrify Admin Portal – Roles – Office 365 – Members page.

 

How can I troubleshoot this issue?

 

Thanks for your help.

Centrify Advisor III
Posts: 75
Registered: ‎09-08-2015
#2 of 6 2,118

Re: AD group is not synced to O365

 Hello @Unisys and welcome back to the Centrify Community...

 

We recently implemented a change which prevents use of Domain local or Distribution groups for Role use. Could it be the group you are using is a Domain local? This would have continued to work, if so, despite us no longer allowing these type of groups to be selected when chosing to add as a member to the role, up until a few days ago.

 

Please check the group you are referring to and if a domain local or a distribution group, please convert it. 

 

This KB not only explains the changes, why and when they were made, but also how to correct it. 

 

https://centrify.force.com/support/Article/KB-6906-How-to-convert-a-distribution-group-to-a-security...

 

Please let me know if this does not help, and we may need to dig deeper (perhaps open a Support case if possible?)

 

I hope this is a qucik fix for you.

 

Have a great weekend!!

 

Ryan V. 

Participant III
Posts: 40
Registered: ‎04-06-2016
#3 of 6 2,105

Re: AD group is not synced to O365

Ryan, 

 

thank you for your reply.

 

My group is scope is 'global' ans type is 'security'. It should not be affected by that change.

 

Any other idea?

Participant I
Posts: 1
Registered: ‎05-16-2017
#4 of 6 1,650

Re: AD group is not synced to O365

i am also facing issue, Please suggest, what can be done to sync the group.

few members which are removed from AD, are still reflected in cloud AD group

 

Thanks,

NG

Participant III
Posts: 40
Registered: ‎04-06-2016
#5 of 6 1,642

Re: AD group is not synced to O365

Hi NG,

 

 

I do not use AD groups now. I sync individual users. I will definitely check it later again. Adding Users straight from the Admin Portal is of course serving it's purpose but using an AD Group will greatly simplify management.

 

> few members which are removed from AD, are still reflected in cloud AD group

 

Hmm, if I understand correctly your description... this sounds like different issue. Please make sure your Cloud connector service has sufficient privileges on AD "Deleted objects container". So Cloud connector service can see deleted AD users and remove them from cloud also. 

 

Or you can use powershell to remove those unwanted users manually. Please find more details in post below (by Nick / Drmikan).

 

http://community.centrify.com/t5/Centrify-Express/unwanted-Active-Directory-users-synchronized-to-Of...

 

 

Best regards,

UniSys

 

Centrify Advisor I
Posts: 62
Registered: ‎12-12-2012
#6 of 6 1,638

Re: AD group is not synced to O365

Hi Support26474

As you are our customer, we have filed a support ticket to follow up with you on this issue till resolved.

 

Please feel free to let us know if there is any question.

 

Thank you.

Best Regards,

Henry