When configuring the AD sync you have two options for selecting groups. Include all and then exclude specific groups or Exclude all and then select the groups you want to be synced.
When configuring the AD sync you have two options for selecting groups.You can either select "Default groups behavior" as Exclude, and then by default, no groups will be selected from the AD. Next, go to the "include" list below and check the groups you want to sync.
The preferred default method is to exclude all and select the groups you want to sync.
The other option is to select include all and choose the groups to exclude. This option only makes sense for companies with very small and "clean" directories.
If you select the Default group behavior as Exclude, adding groups to the excluded list has no effect.
The exclusion only works at the group level. That means that even though a person is included in a group marked as excluded, he will still be imported if he is in another group marked as included.