diff --git a/authentik/sources/ldap/forms.py b/authentik/sources/ldap/forms.py
index 55a48fe1e..c9bfb58a4 100644
--- a/authentik/sources/ldap/forms.py
+++ b/authentik/sources/ldap/forms.py
@@ -45,6 +45,7 @@ class LDAPSourceForm(forms.ModelForm):
 "object_uniqueness_field",
 "sync_parent_group",
 ]
+ labels = {"property_mappings_group": _("Group property mappings")}
 widgets = {
 "name": forms.TextInput(),
 "server_uri": forms.TextInput(),
diff --git a/authentik/sources/ldap/migrations/0011_ldapsource_property_mappings_group.py b/authentik/sources/ldap/migrations/0011_ldapsource_property_mappings_group.py
index e9c0f147e..bd5edca8d 100644
--- a/authentik/sources/ldap/migrations/0011_ldapsource_property_mappings_group.py
+++ b/authentik/sources/ldap/migrations/0011_ldapsource_property_mappings_group.py
@@ -1,12 +1,30 @@
 # Generated by Django 3.1.6 on 2021-02-06 14:01
+from django.apps.registry import Apps
 from django.db import migrations, models
+def set_default_group_mappings(apps: Apps, schema_editor):
+ LDAPPropertyMapping = apps.get_model(
+ "authentik_sources_ldap", "LDAPPropertyMapping"
+ )
+ LDAPSource = apps.get_model("authentik_sources_ldap", "LDAPSource")
+ db_alias = schema_editor.connection.alias
+
+ for source in LDAPSource.objects.using(db_alias).all():
+ if source.property_mappings_group.exists():
+ continue
+ source.property_mappings_group.set(
+ LDAPPropertyMapping.objects.using(db_alias).filter(
+ managed="goauthentik.io/sources/ldap/default-name"
+ )
+ )
+ source.save()
+
+
 class Migration(migrations.Migration):
 dependencies = [
- ("authentik_core", "0017_managed"),
 ("authentik_sources_ldap", "0010_auto_20210205_1027"),
 ]
@@ -21,4 +39,5 @@ class Migration(migrations.Migration):
 to="authentik_core.PropertyMapping",
 ),
 ),
+ migrations.RunPython(set_default_group_mappings),
 ]
diff --git a/website/docs/integrations/sources/active-directory/index.md b/website/docs/integrations/sources/active-directory/index.md
index 6e3b6710e..4d2cbe6b0 100644
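Review bot: In `set_default_group_mappings`, the queryset passed to `source.property_mappings_group.set(...)` is never checked for being empty, so if no `LDAPPropertyMapping` with `managed="goauthentik.io/sources/ldap/default-name"` exists when the migration runs, every existing source is left with no group mapping and nothing reports it. Whether that object exists at migration time is not visible here; if it is created outside the migration graph, upgraded installs would need the mapping selected by hand, which matters because group sync presumably feeds access decisions. I would resolve the default once before the loop and return early when it is missing, e.g. `defaults = list(LDAPPropertyMapping.objects.using(db_alias).filter(managed="goauthentik.io/sources/ldap/default-name"))` followed by `if not defaults: return`. The same hunk removes the `("authentik_core", "0017_managed")` dependency while the new code filters on `managed`; that holds only if `0010_auto_20210205_1027` already pulls it in, which should be confirmed. `source.save()` after a many-to-many `.set()` writes nothing extra and can be dropped.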
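Review bot: `migrations.RunPython(set_default_group_mappings)` is registered without a reverse callable, so this migration can no longer be unapplied; Django raises `IrreversibleError` when a rollback reaches it. The forward step only fills in a default on the field introduced by the schema operation above it (whose start is outside the hunk), so a no-op reverse is enough: `migrations.RunPython(set_default_group_mappings, migrations.RunPython.noop)`. The `operations` list itself begins outside this hunk.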
--- a/website/docs/integrations/sources/active-directory/index.md
+++ b/website/docs/integrations/sources/active-directory/index.md
@@ -40,7 +40,8 @@ Use these settings:
 - Bind CN: `@ad.company`
 - Bind Password: The password you've given the user above
 - Base DN: The base DN which you want authentik to sync
-- Property Mappings: Shift-Select all
+- Property mappings: Control/Command-select all Mappings which start with "authentik default LDAP" and "authentik default Active Directory"
+- Group property mappings: Select "authentik default LDAP Mapping: Name"
 The other settings might need to be adjusted based on the setup of your domain.