Azure AD DynamicGroups

With DynamicGroup you can use on-prem dynamic memberships in Azure AD.

Automate hybrid environments with Active Directory and Microsoft 365 / Azure AD.

DynamicGroup uses native Microsoft technology to be cloud-ready.

Dynamic-Group-Memberships-Update-Hybrid-AD-AzureAD

DynamicGroup automates on-premises security groups first.

With the synchronization group memberships in Azure AD are dynamically updated as well.

Active Directory to Azure AD dynamic groups

Most companies and organizations run a hybrid directory solution. Comming from the old server client world and mixing it with Microsoft 365 services such as Exchange Online is very common these days.

The difficulty is that companies have two directories with similar, but not same functionality. To ease the management of users and groups (permissions) it is recommended to synchronize On-Premise Active Directory to Azure Active Directory. Most organizations use AAD Connect for that.

If you want a distribution group or security group to be the same in both worlds – AAD Connect will do the job.

Dynamic Group Memberships in Azure AD hybrid

The automation of group memberships depends on your directory. Azure only works different from Active Directory first oder hybrid environment. If you on-premises groups are not up-to-date, your Azure AD groups will be outdated as well.

Group Automation: What is your main directory?

Azure AD first

Microsoft provides a solution for Azure AD dynamic group memberships with the most expensive subscription of Microsoft M365 (O365). But it doesn’t necessarily helps to have updated group memberships in Active Directory Pn Premises.

To get that with Microsoft tools you have to establish a downsync. If you are living in a hybrid world with Azure AD first – this would be the solution to go for.

Active Directory and hybrid

Unfortunately most companies have Active Directory as their main directory for users, computers and groups. This is the main reason why you should consider to automate group memberships on-premises first. Azure AD dynamic groups will be simulated with a synchronization mechanism (such as AAD Connect).

FirstWare DynamicGroup Approach

FirstWare DynamicGroup is based on local (On Premises) Active Directory. Different from other solutions automated groups are not special object types in Active Directory or need an additional database.

The approach is to use clean, normal Acitve Directory groups and store relevant information directly to the group.

The advantage is a group object that can be synchronized to Azure Active Directory without any problems. AAD Connect synchronizes the group depending on the set time interval. Any update for AD on premises group memberships will be pushed to the cloud as soon as AAD Connect finished its job.

Use Active Directory dynamic groups as Azure AD dynamic groups for:

Distribution lists / distribution groups
Security groups
Department groups
OU groups
License groups
and much more

Conclusion

Dynamic Azure AD groups are possible in combination with an on premises Active Directory. You can use DynamicGroup to your advantage. Simply create these dynamic groups with filters and synchronize them with AAD connect to the Microsoft cloud (AAD/M365).