使用 Azure Active Directory 在组中添加或删除另一个组Add or remove a group from another group using Azure Active Directory

本文帮助你使用 Azure Active Directory 在组中添加和删除其他组。This article helps you to add and remove a group from another group using Azure Active Directory.

Note

如果尝试删除父组,请参阅如何更新或删除组及其成员If you're trying to delete the parent group, see How to update or delete a group and its members.

将组添加到另一个组Add a group to another group

可以将现有安全组添加到其他现有安全组(也称为“嵌套组”),以创建成员组(子组)和父组。You can add an existing Security group to another existing Security group (also known as nested groups), creating a member group (subgroup) and a parent group. 成员组继承父组的特性和属性,节省了配置时间。The member group inherits the attributes and properties of the parent group, saving you configuration time.

Important

当前不支持:We don't currently support:

  • 将组添加到与本地 Active Directory 同步的组。Adding groups to a group synced with on-premises Active Directory.
  • 将安全组添加到 Office 365 组。Adding Security groups to Office 365 groups.
  • 将 Office 365 组添加到安全组或其他 Office 365 组。Adding Office 365 groups to Security groups or other Office 365 groups.
  • 将应用分配到嵌套组。Assigning apps to nested groups.
  • 将许可证应用于嵌套组。Applying licenses to nested groups.

若要将组作为成员添加到其他组To add a group as a member of another group

  1. 使用目录的全局管理员帐户登录到 Azure 门户Sign in to the Azure portal using a Global administrator account for the directory.

  2. 选择“Azure Active Directory”,然后选择“组”。Select Azure Active Directory, and then select Groups.

  3. 在“组 - 所有组”页面上,搜索并选择要成为另一个组的成员的组。On the Groups - All groups page, search for and select the group that's to become a member of another group. 对于本练习,我们将使用“MDM 策略 - 西部”组。For this exercise, we're using the MDM policy - West group.

    Note

    一次只能将你的组作为成员添加到一个组。You can add your group as a member to only one group at a time. 另外,“选择组”框会通过将输入内容与用户或设备名称的任何部分进行匹配来筛选显示内容。Additionally, the Select Group box filters the display based on matching your entry to any part of a user or device name. 但是,不支持通配符字符。However, wildcard characters aren't supported.

    “组 - 所有组”页面,其中选择了“MDM 策略 - 西部”组

  4. 在“MDM 策略 - 西部 - 组成员身份”页面上,选择“组成员身份”,选择“添加”,找到要使你的组成为其成员的组,然后选择“选择”。On the MDM policy - West - Group memberships page, select Group memberships, select Add, locate the group you want your group to be a member of, and then choose Select. 对于本练习,我们将使用“MDM 策略 - 所有组织”组。For this exercise, we're using the MDM policy - All org group.

    “MDM 策略 - 西部”组现在是“MDM 策略 - 所有组织”组的一个成员,继承了“MDM 策略 - 所有组织”组的所有属性和配置。The MDM policy - West group is now a member of the MDM policy - All org group, inheriting all the properties and configuration of the MDM policy - All org group.

    通过将组添加到另一个组中创建组成员身份

  5. 查看“MDM 策略 - 西部 - 组成员身份”页面来查看组和成员身份。Review the MDM policy - West - Group memberships page to see the group and member relationship.

    “MDM 策略 - 西部 - 组成员身份”页面,其中显示了父组

  6. 若要获得组和成员身份的详细视图,请选择组名称(“MDM 策略 - 所有组织”)并查看“MDM 策略 - 西部”页面详细信息。For a more detailed view of the group and member relationship, select the group name (MDM policy - All org) and take a look at the MDM policy - West page details.

    组成员身份页面,其中显示了成员和组详细信息

从另一个组中删除组Remove a group from another group

可以从其他安全组中删除现有安全组。You can remove an existing Security group from another Security group. 但是,删除组也会删除其成员的所有继承特性和属性。However, removing the group also removes any inherited attributes and properties for its members.

删除组中的成员组To remove a member group from another group

  1. 在“组 - 所有组”页面上,搜索并选择要删除的属于另一个组的成员的组。On the Groups - All groups page, search for and select the group that's to be removed as a member of another group. 对于本练习,我们再次使用“MDM 策略 - 西部”组。For this exercise, we're again using the MDM policy - West group.

  2. 在“MDM 策略 - 西部”概述页面上,选择“组成员身份”。On the MDM policy - West overview page, select Group memberships.

    “MDM 策略 - 西部”概述页面

  3. 从“MDM 策略 - 西部 - 组成员身份”页面上选择“MDM 策略 - 所有组织”,然后从“MDM 策略 - 西部”页面详细信息中选择“删除”。Select the MDM policy - All org group from the MDM policy - West - Group memberships page, and then select Remove from the MDM policy - West page details.

    显示成员和组详细信息的“组成员身份”页

其他信息Additional information

这些文章提供了有关 Azure Active Directory 的更多信息。These articles provide additional information on Azure Active Directory.