Transfer team members from AD department groups
Would you like changes in your AD department groups to be automatically transferred to Microsoft Teams?
Let’s assume this scenario: Your operational departments use their own teams in MS Teams. All employees of the department are automatically also members of the team. However, IT manages your departments traditionally in Active Directory. If the employees in a department change, this is registered in AD first – and not automatically updated in Teams. The use case described in this article is based on a real case study of one of our customers.
FirstWare IDM-Portal makes it possible for AD group members to be automatically and continuously updated in Microsoft Teams.
Departments have their own teams for their employees
In this article, we show how changes to users and groups in AD can automatically update group memberships in Microsoft Teams. In particular, we demonstrate how team members are transferred from department groups located in AD.
Let’s start with this scenario:
- Your departments use their own department-specific teams in Microsoft Teams.
- The department groups are maintained on-premises in AD.
- All members of the department group should also be members of the team.
You are looking for a way to automatically update department group memberships in Microsoft Teams – without having to make changes manually in the Teams Admin Center.
It is often the case that employees change departments, are absent for a longer period of time or even leave the company. The more employees a company has, the greater the administrative workload, of course. This makes practical solutions that automate administrative processes and keep on-premises directories synchronized with cloud applications all the more useful.
Memberships in departments change – in AD and in Teams
Our solution: Use FirstWare IDM-Portal to do just that.
With IDM-Portal, you manage all your user accounts and groups in AD through a user-friendly separate interface. You write directly to AD without having to open the AD Users and Computers console.
This makes the IDM-Portal a great tool for delegating user management tasks to non-IT staff, as it requires no expert IT knowledge. Via role-based delegation (RBAC), users are given customized read/edit permissions that allow them to read or write what is required for their role.
Now, if an employee’s department membership changes, this is immediately updated in IDM-Portal by selecting a new department in the employee’s user account.
The employee immediately loses all permissions of his old department group and gets all permissions of the new department group. This also means that the employee must get access to the department team in Microsoft Teams. However, this cannot be set in AD.
Express option: Team members from department groups
So how does the group membership change get into the cloud and into the team?
In a first step, this is done in a simple and conventional way via Azure AD Connect: the department group is synchronized to the cloud. But this is where the journey ends. At least with Microsoft’s native tools, no further synchronization is possible.
IDM-Portal, on the other hand, allows synchronization of AAD groups to other groups in the cloud. Specifically, this means that the synchronized AD department group can be further synchronized.
In a second step, an automatic synchronization of the department group into the M365 group of the department team takes place with the help of IDM-Portal. All current members are transferred. The new employee has immediate access to his new team and can chat and collaborate with his colleagues.
Continuous synchronization between AD and AAD, as well as from AAD groups into other AAD groups (e.g. M365 groups, the basis for Teams), keeps group memberships up to date. The update intervals can be set individually, depending on the needs of the company. Thus, not only the group memberships, but especially the access rights are always up to date.
Do you have a similar problem and want a quick and practical solution? Contact us and get to know our FirstWare IDM-Portal. Many companies rely on it – be one of them!