diff --git a/app/Console/Commands/LdapSync.php b/app/Console/Commands/LdapSync.php
index af94ac532..c6f8dd379 100755
--- a/app/Console/Commands/LdapSync.php
+++ b/app/Console/Commands/LdapSync.php
@@ -179,6 +179,16 @@ class LdapSync extends Command
 
         $manager_cache = [];
 
+        if($ldap_default_group != null) {
+
+            $default = Group::find($ldap_default_group);
+            if (!$default) {
+                $ldap_default_group = null; // un-set the default group if that group doesn't exist
+            }
+
+        }
+
+
         for ($i = 0; $i < $results['count']; $i++) {
                 $item = [];
                 $item['username'] = isset($results[$i][$ldap_result_username][0]) ? $results[$i][$ldap_result_username][0] : '';
@@ -221,13 +231,6 @@ class LdapSync extends Command
                 $user->country = $item['country'];
                 $user->department_id = $department->id;
 
-                if($ldap_default_group != null) {
-
-                    $default = Group::select()->where('id', $ldap_default_group)->first();
-                    $user->permissions = $default->permissions;
-
-                }
-
                 if($item['manager'] != null) {
                     // Check Cache first
                     if (isset($manager_cache[$item['manager']])) {
@@ -336,6 +339,9 @@ class LdapSync extends Command
                 if ($user->save()) {
                     $item['note'] = $item['createorupdate'];
                     $item['status'] = 'success';
+                    if ( $item['createorupdate'] === 'created' && $ldap_default_group) {
+                         $user->groups()->attach($ldap_default_group);
+                    }
 
                 } else {
                     foreach ($user->getErrors()->getMessages() as $key => $err) {
diff --git a/resources/lang/en/admin/settings/general.php b/resources/lang/en/admin/settings/general.php
index d41deaf93..e2879d98c 100644
--- a/resources/lang/en/admin/settings/general.php
+++ b/resources/lang/en/admin/settings/general.php
@@ -77,6 +77,7 @@ return [
     'ldap'                      => 'LDAP',
     'ldap_default_group'        => 'Default Permissions Group',
     'ldap_default_group_info'   => 'Select a group to assign to newly synced users. Remember that a user takes on the permissions of the group they are assigned.',
+    'no_default_group'          => 'No Default Group',
     'ldap_help'                 => 'LDAP/Active Directory',
     'ldap_client_tls_key'       => 'LDAP Client TLS Key',
     'ldap_client_tls_cert'      => 'LDAP Client-Side TLS Certificate',
diff --git a/resources/views/settings/ldap.blade.php b/resources/views/settings/ldap.blade.php
index 628ca41c5..19153a0bb 100644
--- a/resources/views/settings/ldap.blade.php
+++ b/resources/views/settings/ldap.blade.php
@@ -116,11 +116,11 @@
                                                     name="ldap_default_group"
                                                     aria-label="ldap_default_group"
                                                     id="ldap_default_group"
-                                                    class="form-control"
+                                                    class="form-control select2"
                                             >
-                                                <option></option>
+                                                <option value="">{{ trans('admin/settings/general.no_default_group') }}</option>
                                                 @foreach ($groups as $id => $group)
-                                                    <option value="{{ $id }}">
+                                                    <option value="{{ $id }}" {{ $setting->ldap_default_group == $id ? 'selected' : '' }}>
                                                         {{ $group }}
                                                     </option>
                                                 @endforeach