Hey everyone! We're hoping to get some guidance from those who've run into similar challenges. I'll walk through how we currently sync and manage groups from Entra into ServiceNow, outline the problems we're running into, and then open it up for any tips or lessons learned from your own environments.

Our Current Setup

We manage groups in on-premises Active Directory (AD) — membership changes, renames, etc. — which sync to Microsoft Entra on a regular schedule. From there, we use three separate enterprise applications (one per instance: dev, UAT, and prod) to push those groups and their members into the respective ServiceNow environments. We previously synced our dev AD into the dev instance, but that introduced its own headaches and the original requirement behind it went away, so we've since consolidated to using production AD/Entra across all three environments.

The Problem

The big pain point we keep hitting is that sysIDs for groups don't align across environments — which makes total sense — but it causes real issues when promoting flows from dev to UAT or prod. Since OOTB ServiceNow uses sysID for assignment group fields (on SCTasks and elsewhere), the group references break after importing an update set. We've been swapping in the correct group names post-import as a workaround and that does the trick, but it's not a sustainable long-term process.

Where We're Headed (and Where We're Stuck)

We don't currently clone down on a regular basis, though that's something we're planning to do soon — we're just blocked right now due to an active project in our environment. In the meantime, my initial thought was to sync groups into production from Entra, then export the Group and Group Membership tables as XMLs and import them into the lower environments. That said, it feels pretty cumbersome, especially when group memberships are changing frequently.

Our Questions for the Community

• What advice would you give as we work to improve our group sync process across environments?
• What has worked well in your setup?
• Anything you tried that didn't pan out and we should avoid?

Really appreciate any insight — thanks in advance!