Why check for "mailEnabled" when checking for security groups? #9

Closed
gdubya opened this issue Nov 5, 2024 · 1 comment · Fixed by #10

gdubya commented Nov 5, 2024

Why does the script only process "Security groups" specifically, and exclude "Microsoft 365 groups" and "mail-enabled security groups"? Are there any potential problems caused by changing the checks? For example:

From:

```python
if group_info.get('mailEnabled') == False and group_info.get('securityEnabled') == True:
```

To:

```python
if group_info.get('securityEnabled'):
```

Testing with some dry-runs locally with these changes seems to fix an issue we see where some mail-enabled security groups that have been synced from on-prem AD to Entra are not included in the SCIM sync.

Owner

grusin-db commented Nov 6, 2024

There is no specific problem per se, just the volume. The reason why I originally excluded email groups was just the vast amount of them on most Entras I have seen, and per the requirements I had at the time they should not be synced.

There is a SCIM API limit on how many groups there can be (soft limit of 5k by default; there is a possibility of extending that).

Probably there should be a flag added to the sync process to define which group types should be synced. This way we could easily decide what the strategy is for these groups :)
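
As an added example (not part of the thread or the project's code), one way the group-type flag suggested above could work, assuming the Microsoft Graph group properties `groupTypes`, `mailEnabled` and `securityEnabled`. The function names, type labels and sample groups are hypothetical; the final comparison shows that a bare `securityEnabled` check also picks up security-enabled Microsoft 365 groups.

```python
# Added example: classify Entra (Microsoft Graph) group objects and filter them
# by an explicit allow-list of group types. All names here are hypothetical.
from collections import Counter

SECURITY = "security"
MAIL_ENABLED_SECURITY = "mail_enabled_security"
M365 = "microsoft_365"
DISTRIBUTION = "distribution"
OTHER = "other"


def classify_group(group_info):
    """Map Graph's groupTypes/mailEnabled/securityEnabled to one group type."""
    mail = bool(group_info.get("mailEnabled"))
    sec = bool(group_info.get("securityEnabled"))
    if "Unified" in (group_info.get("groupTypes") or []):
        return M365  # Microsoft 365 groups may or may not be security-enabled
    if sec:
        return MAIL_ENABLED_SECURITY if mail else SECURITY
    return DISTRIBUTION if mail else OTHER


def select_groups(groups, sync_types, max_groups=5000):
    """Return groups whose type is in sync_types; refuse to exceed the group limit.

    max_groups defaults to the 5k soft limit mentioned in the thread.
    """
    selected = [g for g in groups if classify_group(g) in sync_types]
    if len(selected) > max_groups:
        raise ValueError(f"{len(selected)} groups selected, limit is {max_groups}")
    return selected


# Constructed sample data, not real tenant output.
SAMPLE_GROUPS = [
    {"displayName": "sg-data-eng", "groupTypes": [], "mailEnabled": False, "securityEnabled": True},
    {"displayName": "sg-onprem-finance", "groupTypes": [], "mailEnabled": True, "securityEnabled": True},
    {"displayName": "team-marketing", "groupTypes": ["Unified"], "mailEnabled": True, "securityEnabled": True},
    {"displayName": "dl-all-staff", "groupTypes": [], "mailEnabled": True, "securityEnabled": False},
]

if __name__ == "__main__":
    print(Counter(classify_group(g) for g in SAMPLE_GROUPS))
    for types in ({SECURITY}, {SECURITY, MAIL_ENABLED_SECURITY}):
        print(sorted(types), [g["displayName"] for g in select_groups(SAMPLE_GROUPS, types)])
    # For comparison: what a bare securityEnabled check would select.
    print([g["displayName"] for g in SAMPLE_GROUPS if g.get("securityEnabled")])
```
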
