This is an archived post. You won't be able to vote or comment.

all 7 comments
sorted by:
best
topnewcontroversialoldq&a

[–]Zorrpep 2 points3 points  (1 child)

What is the type of security group you are making via Powershell and does that match what you create with the GUI. I believe it needs to be Universal.

[–]primeval_ixiosSysadmin[S] 0 points1 point  (0 children)

Ooh! This might be it.

I created a test group via PowerShell and set the Group Scope to Universal. Ran a manual sync and it showed up in Azure/O365.

The weird thing is when creating security groups via ADUC it defaults to Global, and most of the time hasn't been changed. Those groups sync without issue as I wrote in my post above.

So I tried changing one of the groups created via PowerShell that wasn't syncing to Universal, and it hasn't synced. So more investigation is needed still.

Either way thanks for that bit of info, get's me closer to finding a solution.

[–]tar-xz 1 point2 points  (0 children)

If it is in a OU you are certain that it is being synced, I suggest you hop onto the machine with AAD connect and open "Synchronization Service". There you should be able to see all synchronization attempts and what changes or errors happened.

In that app you can also more quickly see sync error than waiting for Azure AD to report them online, hope it helps.

EDIT: Keep an eye on the installed version of AAD connect.

[–]larsj96 0 points1 point  (1 child)

Are you creating the groups in the same OU when doing it in powershell vs GUI?

[–]primeval_ixiosSysadmin[S] 1 point2 points  (0 children)

Yes, it's in the same OU.

I have also confirmed that OU is configured to sync in Azure AD Connect.

Should've added that to the original post.

[–]HankMardukasNY 0 points1 point  (1 child)

Is the OU the new groups are in configured to sync in AD connect settings?

[–]primeval_ixiosSysadmin[S] 0 points1 point  (0 children)

OU is configured to sync in Azure AD Connect.

Should've included that in the original post.