Manage users and groups in (Azure) Active Directory

You can manage users and groups in Active Directory or in Azure Active Directory. In this blog, I explain some of the basics. Then I explain how you can get started with groups and users yourself.

What is Azure Active Directory?

They have a similar name, but Azure AD is not a cloud version of Windows Server Active Directory. Nor is it intended as a complete replacement for an on-premises Active Directory. If you are already using a Windows AD server, you can connect it to Microsoft Azure Active Directory to extend your directory to Azure. This approach allows users to use the same credentials (username and password) to access local and cloud resources.

Azure AD can also be used independently of Windows AD. Smaller companies can use Azure AD as their sole directory service and use it to manage access to their apps and SaaS products, such as Microsoft 365, Salesforce and Dropbox.

Azure Active Directory (AAD)

Azure AD Connect creates a connection between the on-premises Active Directory and Azure Active Directory. This is a practical way to keep users from the on-premises environment in sync.


Benefits: Same password on-premises and in the cloud. Management is largely in Active Directory.
Disadvantages: Complexity. Some things have to be done on-premises and some in the cloud, and you have a lot of dependencies on the 'old' environment. In Azure AD it is often easier to implement new things.

Active Directory synchronization can be activated via these instructions or via the video below.

Group management in Azure Active Directory

After you set up synchronization, you can create and manage users and groups in both the on-premises Active Directory and the Cloud Active Directory.

Conceptual illustration with users, directories and subscriptions in Azure

An Azure AD group allows users to be organized, making it easier to manage permissions. Using groups, the resource owner (or the Azure AD directory owner) can assign a set of access permissions to all members of the group.

With groups, policies can be defined and then specific users can be added and removed. Thus, access can be granted or denied with minimal effort.

Even better, Azure AD allows you to define membership based on rules, such as the department where a user works or the position they hold.

In Azure AD, you can define two different types of groups:

  • Security groups. These are the most common groups and are used to manage member and computer access to shared resources for a group of users. For example, you can create a security group for a specific security policy. This way you can give a set of permissions to all members at once instead of adding permissions individually for each member. This option requires an Azure AD administrator.
  • Microsoft 365 groups. These groups provide opportunities for collaboration by giving members access to a shared inbox, calendar, files, SharePoint site and more. This option also allows you to give people outside your organization access to the group. This option is available to both users and administrators.

Navigate to Azure AD through this portal. Then click Groups.

Click "New group".

Next, choose which type of group you wish to create.

Create a security group as a test.

Create a dynamic group in Azure AD

Create a security group via https://portal.azure.com. Click "New group".

Choose "Dynamic User".

The group is created in this example

You can work with a membership rule like the one below. With this rule, everyone whose user principal name contains the domain in the rule becomes a member.

(user.userPrincipalName -contains "@jedomein.be")
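In dynamic membership rules, -contains is a case-insensitive substring test, so it is worth previewing which accounts the rule selects before permissions are attached to the group. The following is an added example, not part of the original post: it models the rule offline against constructed UPNs and compares it with an anchored -match rule. The function names, the sample accounts and the partner.example domain are assumptions, and the generated -match rule should be validated in your own tenant before use.

```python
import re

# Constructed sample UPNs (not from a real tenant). "jedomein.be" is the
# placeholder domain from the rule above; the other domains are hypothetical.
SAMPLE_UPNS = [
    "an@jedomein.be",
    "Piet@JEDOMEIN.BE",
    "els@anderdomein.be",
    "jan@jedomein.be.partner.example",              # other domain, same prefix
    "kim_jedomein.be#EXT#@tenant.onmicrosoft.com",  # guest-style UPN
]


def contains_rule(upn, value):
    """Model `user.userPrincipalName -contains value` as a
    case-insensitive substring test."""
    return value.lower() in upn.lower()


def anchored_rule(upn, domain):
    """Model an anchored -match rule: the UPN must end with @domain."""
    pattern = r"@" + re.escape(domain) + r"$"
    return re.search(pattern, upn, re.IGNORECASE) is not None


def preview(upns, domain):
    """Return (members under -contains, members under the anchored rule,
    accounts that only the -contains rule pulls in)."""
    broad = [u for u in upns if contains_rule(u, "@" + domain)]
    strict = [u for u in upns if anchored_rule(u, domain)]
    return broad, strict, [u for u in broad if u not in strict]


def anchored_rule_text(domain):
    """Rule string for the rule editor, with the dots in the domain escaped."""
    return '(user.userPrincipalName -match ".*@%s$")' % domain.replace(".", "\\.")


if __name__ == "__main__":
    broad, strict, extra = preview(SAMPLE_UPNS, "jedomein.be")
    print("-contains selects: ", broad)
    print("anchored selects:  ", strict)
    print("only via -contains:", extra)
    print("tighter rule:", anchored_rule_text("jedomein.be"))
```

Neither rule selects the guest-style account, because a guest's home domain is not the suffix of its UPN.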

Creating a group in the on-premises Active Directory

Open Active Directory Users and Computers on the Active Directory Server.

Create a group in Active Directory using the icon indicated in the screenshot.

Start a sync via Azure AD Connect to make the group visible in Azure AD.

Benefits of Azure AD groups

Open Azure AD to view the groups. You can see on the right side that the member management group comes from the Windows Server AD and the other group was created directly in Azure AD.

From a management point of view, they really look the same. So when are Azure AD groups more convenient than groups from your Windows Server AD?

  • Group management and delegation: If you do group management in the cloud, i.e. in Azure AD, you can more easily delegate management to the responsible people (owners). Users are able to add people to groups themselves. More on this in this blog.
  • Exchange management and dynamic groups: It is also possible to create dynamic groups via Exchange Online. Here too, the groups are best managed via Azure AD.
  • Naming policy and expiration policies: It is more convenient to activate automatic policies in Azure AD than in Active Directory.
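The distinction above between groups synced from Windows Server AD and groups created in Azure AD can also be read from the group objects that Microsoft Graph returns, which helps when you need to know where a group's membership is actually controlled. The following is an added example, not part of the original post: the property names are Microsoft Graph group properties, while the sample response, the group names and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like a Microsoft Graph "GET /groups" response;
# the group names and the rule are made up for illustration.
SAMPLE = json.loads(r"""
{"value": [
 {"displayName": "member management", "onPremisesSyncEnabled": true,
  "securityEnabled": true, "mailEnabled": false, "groupTypes": []},
 {"displayName": "Test security group", "onPremisesSyncEnabled": null,
  "securityEnabled": true, "mailEnabled": false, "groupTypes": []},
 {"displayName": "All jedomein.be users", "onPremisesSyncEnabled": null,
  "securityEnabled": true, "mailEnabled": false,
  "groupTypes": ["DynamicMembership"],
  "membershipRule": "(user.userPrincipalName -contains \"@jedomein.be\")"},
 {"displayName": "Project team", "onPremisesSyncEnabled": null,
  "securityEnabled": false, "mailEnabled": true, "groupTypes": ["Unified"]}
]}
""")


def classify(group):
    """Map one Graph group object to origin, kind and where membership is managed."""
    types = group.get("groupTypes") or []
    synced = group.get("onPremisesSyncEnabled") is True
    if "Unified" in types:
        kind = "Microsoft 365"
    elif group.get("securityEnabled"):
        kind = "security"
    else:
        kind = "distribution"
    if synced:
        managed = "on-premises AD, then sync"
    elif "DynamicMembership" in types:
        managed = "membership rule"
    else:
        managed = "owners and admins in Azure AD"
    return {"name": group["displayName"],
            "origin": "Windows Server AD" if synced else "Azure AD",
            "kind": kind, "managed": managed}


def inventory(response):
    """Classify every group in a /groups response."""
    return [classify(g) for g in response.get("value", [])]


if __name__ == "__main__":
    for row in inventory(SAMPLE):
        print("{name:24} {origin:18} {kind:14} {managed}".format(**row))
```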

User management in Active Directory or Azure Active Directory?

Create a new user from Office 365?

Creating a mailbox for a new user: a mailbox, Teams, OneDrive and all other features included in the license can be activated automatically after a user is created in Office 365.

If your users are provisioned to Office 365 via Azure AD Connect, then it is not possible to modify properties of the AD object. Email addresses and all other properties must be changed on-premises. Permissions and settings for everything except the user and mail settings must be managed via Azure AD. If you have your user in the cloud, you can manage all properties there as well.

Managing group membership: Through https://admin.microsoft.com/AdminPortal/Home#/users it is possible to look up your user and click on Groups. Through this menu, you can add users to the AD groups.

It is also possible to create a user from Azure AD.

Using on-premises Active Directory to create a user?

Create a new user through Active Directory Users and Computers and do a manual Azure AD synchronization.

The user will arrive in Azure AD after synchronization. There you can assign a license.

The result

Users can be created in 2 places.

  • Either through Azure AD - Test User-AAD@365tips.be
  • Or through Active Directory - test user@365tips.be


Cloud management is on the rise. An organization can also use Azure AD independently of Windows AD.

Smaller businesses can use Azure AD as a single directory service and use it to manage access to their apps and SaaS products, such as Microsoft 365, Salesforce and Dropbox. And if your focus is on the shift to the cloud, you can move your printers, documents and applications so that you can perhaps do without your on-premises Active Directory.

Users can be created and managed on-premises and in the cloud. In Azure AD there are some advantages over Active Directory. If you are looking for a cloud workplace, be sure to read: In 15 Steps to a Digital Workplace!
