 Nicholas says, I have a question regarding adding a group to a team. From what I know, you need to be owner of the team that you're adding the group to. Also, users in that group is added one by one, so is that not dynamic? We have several security groups, mail-enabled distribution lists, etc., sync to Office 365. What is the best way to do this? The same group is also needed to add as a group permissions to a SharePoint site. I would like to use on-prem created type of group sync to Office 365, but what is the best way here? My head's a spin-in. Hmm. A spin-in. Originally, when we got this question, we had talked about, I had put some notes in here. You can sync groups, so you can essentially take your M365 group and you're on-prem AD group, whether that's dynamic or static, and you can actually sync those via PowerShell so that you can basically make whoever's in that group be in the other group. But there is a brand new release that nested groups are now going to be supported in public preview, so you'll be able to have groups within groups as well in the Cloud. But if they've got an on-prem like AD group or an on-prem security group, and they want to sync it with their M365 group, there is an option to be able to sync those groups together as well. I've seen that done at a lot of my clients. Is that nested group functionality? Is that preview going on right now or is that just announced? It says it's now supported in public preview. Okay. All right. I put the link in there for you to share out. Excellent. Mike, any other wisdom to share there on AD sync? I'm not really. If it's any active directory, it's going to sync into AD, which is going to be brought into 365 because that's what the back end of 365 is. The problem is that in regular, and what I mean by regular, I mean on-premises AD is that you can run into a lot of problems when you have multiple nested groups. When you're dealing with LDAP queries and applications that require authentication and things like that, so it really gets messy when you start to nest too far. I think there's actually a limit on nesting. I think it actually is. Limit is like under 20 or something like that. I mean, it's not very large or it used to be anyways. I'm not a fan of nesting groups. I'm more of a fan of just breaking out the groups and having them stand alone. Much simpler. Keeps your AD a lot cleaner. There also are some fields that don't like to come across from on-prem AD to Azure AD as well, I've noticed. Unless there's a way around that, I mean you can do custom mappings, right? So you can set up custom mappings between on-prem AD and AAD, but you have to go in and define each one of those. You have to go in and create the custom field. You have to match the two up. It's like matching up cells when you're doing an export and Excel. You have to match up all that stuff. You have to do the same thing in AAD. All that is to say be forewarned if you're going to be connecting things and syncing things from on-prem to in the Cloud. There's always some extra special stuff you need to double-check. Yeah. Well, some folks they'll create things in M365. I ran into this where they go out and they create things in M365 because they don't know anything about Azure AD, which is, well, that's fine. But they go in and create things, users and teams and groups and shared mailboxes, you name it. Everybody has to understand that those are AD objects. Those are all things that are put into AAD. The problem is that some people are still using older versions of AAD sync, right, which used to be called AD Connect. It only syncs one way. It only goes from on-prem to the Cloud, or they turned off the reverse. They don't want anything updating their on-prem AD. They just want to populate the Cloud AD. Well, the problem is when they created all this stuff up in the Cloud, it was never brought down on-prem. People were like, well, it's syncing. How come I can't see it in both places? Well, because you either turned it off or you're using an old version that doesn't support it. So those are things to keep in mind. They shouldn't be using the old version, but you can still turn it off via registry hack, and I don't know why you would, but some folks want things to be that way. Let me just say that talking about Active Directory is one of the most exciting topics. Why am I here? I kept my hair slick so that I didn't have to worry with the technical questions. Is that sarcasm? Yeah. What? Yeah. What? Me? Is that because I'm talking about it, or would you be interested in it? It's always about you. I am. The other thing is too, when you- Oh, I'm not talking to you with you. Let me just say that also, I was going to call out Mike when you said, it's for people to create those other things with Microsoft, and that's okay. I was about to say, it's like, there's such contempt in that voice there. Just a little bit. Yeah.