asked on
SharePoint Online Security Group Access
Hi, we are in the process of migrating our on-prem SharePoint 2013 to SharePoint Online. We have a hybrid environment using adconnect to sync to O365. Im using the Microsoft SharePoint Migration tool which has been working great. One thing im noticing is that it does copy the permisisons but any domain security group that we have been currently using on prem do not work in SharePoint Online. Can we not use on- prem groups to allow sharepoint site/folder access? Or do we have to use the online sec groups or O365 group?
Microsoft SharePointSecurityMicrosoft 365
Last Comment
MNESupport
ASKER
Updating the AD Connect tool to the latest v1 release seems to have reolsved the issue.
Hello
if you say, "to the latest v1 release", which version have you used before? A version before "v1" I would usually interpret as beta.
The AD Connect is responsible to sync users and groups (dependend from the configuration) from local AD to Azure AD.
This have to work of course before you migrate SharePoint Sites with permissions based on groups.
The final question at the end is, why your old version didn't sync the groups, or if they are synced but possibly different than expected or just the dfefault settings are different between the two version?.
if you say, "to the latest v1 release", which version have you used before? A version before "v1" I would usually interpret as beta.
The AD Connect is responsible to sync users and groups (dependend from the configuration) from local AD to Azure AD.
This have to work of course before you migrate SharePoint Sites with permissions based on groups.
The final question at the end is, why your old version didn't sync the groups, or if they are synced but possibly different than expected or just the dfefault settings are different between the two version?.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
you just should have the imagination, that a M365 service doesn't have access to your local AD. They are synchonized via a services. YOu can keep them in sync via the synchronisation service, so if you create a groups in your local AD; the groups is also synced to AAD. Including the users.
If you move content from SharePoint on presmise to SharePoint Online, any migration tool would throw out all permissions, which can not resolved on the target.
In other words:
SPS on premise works with local AD accounts / groups
SPS Online works with AAD accounts / groups
So if you move content, you have to make sure that the users and groups are synced to AAD before you move the sites and SharePoint can resolve them. Or you need a mapping, which AD group should be mapped to withch AAD group.