AD Primary groups and Entra
Came across something today and just felt the need to share. I was having an issue with a particular group that we were trying to sync to Entra. The group itself synced but it had no members on the entra side. After a lot of searching and testing I found out the following: If a user has a group set as their primary group, that user does not get listed in the "members" attribute and thus their membership doesn't get synced to Entra.
By default, a user gets added to the "domain users" group and that gets set as their primary group. If you happen to create a user that is not a member of the "domain users" group, whatever group you add them to first gets set as their "primary group". If you then want to sync that group to entra, they won't show up. Hopefully this post will save someone else some time in the future...