Active Roles lets you perform administrative tasks, such as creating, reading, updating, and deleting groups in Azure Active Directory (Azure AD), through the Web Interface. You can also perform other operations, such as adding members to and removing members from Azure AD groups. Some group operations can be performed using the Management Shell in addition to the Web Interface. The following section guides you through using the Active Roles Web Interface and Management Shell to manage Azure AD groups.
Active Roles allows you to perform the management tasks on Hybrid AD groups using the Web Interface.
To create and enable a new Azure AD group, you can use the Active Roles Web Interface.
To create a new Azure AD group with the Web Interface
- On the Active Roles Web Interface navigation bar, click Directory Management.
- On the Views tab in the Browse pane, click Active Directory.
  The list of Active Directory domains is displayed.
- Click the domain in which you want to create a new group.
- In the list, click the required Container or the Organizational Unit.
- In the Command pane, click New Group.
- In the General Properties > New Group > <OU name> wizard, enter the group details such as group name, pre-Windows 2000 group name, description, group scope, and group type.
  Group scope provides the option to create a Global or Universal group, and Group type enables you to create a Security or Distribution group.
- Click Next.
- In the Create Azure Group wizard, select Create Azure Group.
  Select the Tenant name from the Tenant drop-down list. The Azure AD details for the new group are generated automatically and populated in the respective fields.
  NOTE: To set values for additional properties in the General Properties wizard, select the check box corresponding to Open properties for this object when I click Finish.
- Click Finish.
NOTE: In Federated or Synchronized environments, Azure AD group creation is not supported. The group is created in Active Roles and is eventually synchronized to Azure using Microsoft native tools, such as AAD Connect. To manage the Azure AD group through Active Roles, you must perform periodic back-synchronization to on-premises AD.
To view or modify the properties of an existing Azure AD group, you can use the Active Roles Web Interface.
To view or modify the Azure AD group properties with the Web Interface
- On the Active Roles Web Interface navigation bar, click Directory Management.
- On the Views tab in the Browse pane, click Active Directory.
  The list of Active Directory domains is displayed.
- Click the specific domain, Container or the Organizational Unit, and then the specific group for which you want to view or update the Azure AD group properties.
- In the Command pane, click Azure properties.
  The Azure Properties wizard for the group account is displayed.
- To view or modify properties of the Azure AD group, use the tabs in the Azure Properties wizard.
- After setting all the required properties, click Save.