Using Azure Ad Connect Sync Security Groups

During setup, Azure AD Connect automatically creates Azure AD Connect Sync Security Groups. A Microsoft 365 Enterprise Administrator can use these groups to delegate control in Azure AD Connect to other users. You can also use these groups to assign a user temporary permission to run a manual synchronization or to use Azure AD Connect to troubleshoot directory synchronization issues.

Group Name Description
ADSyncAdmins Administrators Group: Members of this group have Full Access to do anything in the Azure AD Connect Sync Service Manager.
ADSyncOperators Operators Group: Members of this group have access to the operations of the Azure AD Connect Sync Service Manager, including:

  • Execution of Management Agents
  • View of Synchronization Statistics for each run
  • Ability to save the Run History (Operations Tab) to a file

Members of this group must be a member of the ADSyncBrowse Group.

ADSyncBrowse Browse Group: Members of this group have permission to gather information about a user’s lineage when resetting passwords.
ADSyncPasswordSet Password Reset Group: Members of this group have permission to perform all operations by using the password management interface.

Members of this group must be a member of the ADSyncBrowse Group.

The groups are created as local groups on domain-joined servers, or as Active Directory domain groups when you install Azure AD Connect on a domain controller


Which version of OneDrive I am running?

As a user, probably one day you would ask this question to yourself, so I will explain how to know which version of OneDrive 4 Business you’re running.

First of all, you will need to go to “C:Program FilesMicrosoft OfficerootOffice16”

Take into account that the directory will change in case you are using the 32 bit version or if you have installed the SO in another language.

Try to locate the Groove.exe application, right click and select properties, navigate to details tab and you will see there the version you’re running:


Also is it possible to do this by clicking Crtl+Shift+Esc, go to Details tab, click on Groove.exe, right click, Properties, details and you will see the same version as showed before. And then… compare if it the last version or if you need to update the client

Hope it helps!

Where is the miisclient??

Tons of times I have asked this question to myself, finally I was able to found it by doing a search in the drive letter, but I want to me more efficient 😛

So, if you are in same situation as me, you can find the 2010 and 2013 clients in the following locations:

MSS2010: C:Program FilesMicrosoft Office Servers14.0Synchronization ServiceUIShell

MSS2013: C:Program FilesMicrosoft Office Servers15.0Synchronization ServiceUIShell

Till the next time!

Deactivate Synchronize libraries

Hi all,

As many of you know, SharePoint 2013 includes a feautre that it’s called sync, that allows to synchronize a library with your own OneDrive.


As many of you know, it is a really cool feature, but in case you need deactivate this feature from a Web Application, you would need PS to do this:

Get-SPSite -limit all | get-SPWeb -limit all | Foreach {$_.Title = $_.Title; 
$_.ExcludeFromOfflineClient=1; $_.Update()}


That’s all, easy, isn’t it?