Problem:

When synchronizing UCS@school class groups to Microsoft 365 (for example, to allow teachers and students to use Microsoft Teams), some Teams are either missing completely or appear with incomplete member lists.

Investigation:

Several potential causes may lead to this behavior:

• Group type configuration
  The corresponding UCS group used for synchronization may be of type “Microsoft 365 Group” rather than “Security group”.

• Inconsistent group membership
  Users that were recently added to or removed from UCS groups may not appear immediately in Microsoft 365 if the synchronization cache still contains outdated membership information. In such cases, re-saving or re-adding group members can trigger a successful sync.

To inspect group memberships on UCS, you can verify the current members using the following command:

udm groups/group list --filter cn="<GroupName>" | grep users: | sed 's/^ *users: //' > member.list

This outputs the list of user DNs that are currently members of the specified group.

Solution

• Ensure group type is set to “Security”
  Open the UCS Management Console (UMC) → Groups → select the affected class group → set Group type to Security.
  After saving the change, the synchronization should correctly include this group in Microsoft 365, and the related Team should be created or updated as expected.

• Refresh group membership synchronization
  If changes are not reflected in Microsoft 365, temporarily remove and re-add affected users to the group in UCS.
  This can also be done via UDM or UMC:

udm groups/group modify --dn "cn=<GroupName>,ou=..." --remove users="<userDN>"
udm groups/group modify --dn "cn=<GroupName>,ou=..." --append users="<userDN>"

This ensures the connector reprocesses the membership update during the next synchronization cycle.