Take control over AD-managed groups

Screenshot of fake Entra ID group, with source set to Windows Server AD

I am working through automating user onboarding at an Enterprise-size client from start to finish, and group memberships are one of the hurdles.

Although groups can be synced to Entra ID, the Source of Authority (SOA) is still the AD of the business unit. Because membership for groups can only be modified at the source, this can complicate management of group memberships, and it complicates automation such as user creation (including groups) and management.

However, automatically managing AD groups isn't impossible. There are several options that an organization can choose from, each with its own benefits and caveats. Those are:

  • Enabling Group Writeback in Entra ID Cloud/Connect Sync
  • Changing the 'source of authority' (SOA) of groups
  • Using an Azure-based solution to send commands to local infrastructure

I'll go through the three options and guide you through the decision, with some bonus options at the end.

Taking over Bookings

What if I told you that you don't need an administrator to create a shared mailbox? What's even better, when creating a shared mailbox for yourself and colleagues, you'll get a whole booking page (courtesy of Microsoft Bookings) added to it!

Bookings logo pointing to Outlook logo

Personal goals for 2024

Year recaps are so 2023. Let me tell you what I have planned for 2024. I say 'you', but this blog is mostly for myself. 😅

I have had an amazing year, where I was able to jumpstart my career into IT security. So, for 2024 I wanted to have a big goal to help me sharpen my skills towards automation, architecting and governance.

Personal goals image