如何将本地AD组同步到Azure AD [英] How to sync on-premise AD Groups to Azure AD
本文介绍了如何将本地AD组同步到Azure AD的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
你好,
Azure Active Directory不会同步所有本地AD组.如何将本地AD组同步到Azure AD?
谢谢
John
解决方案
你好,约翰,
将组从Active Directory同步到Azure AD时要注意的重要点:
- Azure AD Connect从目录同步中排除了内置安全组.
- Azure AD Connect不支持主要组成员身份与Azure AD同步.
- Azure AD Connect不支持同步要同步将Active Directory组作为已启用邮件的组添加到Azure AD:
- 如果该组的 如果该组的 proxyAddress 的属性为非空,它必须至少包含一个SMTP代理地址值.以下是一些示例:
- 一个Active Directory组,其proxyAddress属性具有值 {"X500:/0=contoso.com/ou=users/cn=testgroup"}} 不会启用邮件 在Azure AD中.它没有SMTP地址.
- Active Directory组,其proxyAddress属性的值为 可以在Azure AD中启用邮件.
- Active Directory组,其proxyAddress属性具有值 还可以在Azure AD中启用邮件.
参考链接:https://docs.microsoft.com/zh-cn/azure/active-directory/hybrid/concept-azure-ad-connect-sync-user-and-contacts
希望有帮助!
谢谢
Shubham
Hello,
Azure Active Directory does not sync all of the on-premise AD groups. How do I sync on-premise AD Groups to Azure AD?
Thank You
John
解决方案
Hello John,
Important points to be aware of when synchronizing groups from Active Directory to Azure AD:
- Azure AD Connect excludes built-in security groups from directory synchronization.
- Azure AD Connect does not support synchronizing Primary Group memberships to Azure AD.
- Azure AD Connect does not support synchronizing Dynamic Distribution Group memberships to Azure AD.
- To synchronize an Active Directory group to Azure AD as a mail-enabled group:
- If the group's proxyAddress attribute is empty, its mail attribute must have a value
- If the group's proxyAddress attribute is non-empty, it must contain at least one SMTP proxy address value. Here are some examples:
- An Active Directory group whose proxyAddress attribute has value {"X500:/0=contoso.com/ou=users/cn=testgroup"} will not be mail-enabled in Azure AD. It does not have an SMTP address.
- An Active Directory group whose proxyAddress attribute has values {"X500:/0=contoso.com/ou=users/cn=testgroup","SMTP:johndoe@contoso.com"} will be mail-enabled in Azure AD.
- An Active Directory group whose proxyAddress attribute has values {"X500:/0=contoso.com/ou=users/cn=testgroup", "smtp:johndoe@contoso.com"} will also be mail-enabled in Azure AD.
Reference link: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/concept-azure-ad-connect-sync-user-and-contacts
Hope that helps !
Thanks,
Shubham
这篇关于如何将本地AD组同步到Azure AD的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文