jnordeng

Assistance with Azure AD Dynamic group membership from another group - Syntax

Hello.  We are trying to populate a new Dynamic Azure AD Group with members from another Azure AD Group that is configured for Assigned membership.  We are leveraging the Microsoft recommendations, https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-rule-member-of.

We are able to save the group per the recommendation, but it doesn't populate any users and when you validate, no users make the cut.  Not sure if syntax related or what.

Any recommendations/success creating a dynamic group to look at a different Assigned Azure AD Group?

Thanks in advance



jnordeng (ASKER)

The syntax:

user.memberof -any (group.objectId -in ['b974d1fb-0353-4b26-be63-97a01ad92bfd', '5ec1e450-0ccb-4e01-bfc5-72d51c62fca1', '54e33237-75db-4cb0-a1f3-a857db72665d']) -and (user.accountEnabled -eq true) -and (user.userPrincipalName -notcontains "tst.") -and (user.userPrincipalName -notcontains "service" -or user.userPrincipalName -in ["someuser@domain.com"])

I have tried to shorten it to just the first statement, but it makes no difference.  Thanks in advance.


Vasil Michev (MVP)

You cannot combine any other filter when using memberOf. From the article above:

The memberOf attribute can't be used with other rules. For example, a rule that states dynamic group A should contain members of group B and also should contain only users located in Redmond will fail.
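The constraint Vasil quotes is easy to check before a rule is saved. The following Python checker is an added example, not code from the thread or from Microsoft: it splits a rule at the boolean operators that sit outside parentheses and quotes, then reports a doubled operator, bare and/or (the documented form is -and / -or), and a memberOf clause combined with anything else. The embedded rules are the question's rule in the form it was first posted (doubled operator and bare and, shortened to one group id) and Vasil's working rule.

```python
import re

# Operators in Entra dynamic membership rules are -and / -or; the bare forms
# are also recognised so a rule written the way the question's was can be analysed.
_OPERATOR = re.compile(r"\s+(-?and|-?or)\s+", re.IGNORECASE)
_DOUBLE_OPERATOR = re.compile(r"\s(-?and|-?or)\s+(-?and|-?or)\s", re.IGNORECASE)
_MEMBEROF = re.compile(r"user\.memberof\b", re.IGNORECASE)

# Rules taken from the thread (question rule as first posted, one group id kept).
QUESTION_RULE = ("user.memberof -any (group.objectId -in ['b974d1fb-0353-4b26-be63-97a01ad92bfd']) "
                 "and (user.accountEnabled -eq true) and and (user.userPrincipalName -notcontains \"tst.\")")
WORKING_RULE = "user.memberof -any (group.objectId -in ['08900da5-dea4-40a2-a9e2-5af3b2f62a16'])"


def split_top_level(rule: str) -> tuple[list[str], list[str]]:
    """Split a rule at operators sitting at parenthesis depth 0, outside quotes."""
    clauses, operators = [], []
    depth, quote, start, i = 0, None, 0, 0
    while i < len(rule):
        ch = rule[i]
        if quote:                      # inside a quoted string: only look for its end
            quote = None if ch == quote else quote
        elif ch in "\"'":
            quote = ch
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        elif depth == 0 and ch.isspace():
            m = _OPERATOR.match(rule, i)
            if m:                      # top-level operator: close the current clause
                clauses.append(rule[start:i].strip())
                operators.append(m.group(1).lower())
                i = start = m.end()
                continue
        i += 1
    clauses.append(rule[start:].strip())
    return clauses, operators


def check_rule(rule: str) -> list[str]:
    """Return the problems that make a rule fail validation or yield no members."""
    findings = []
    if _DOUBLE_OPERATOR.search(rule):
        findings.append("two boolean operators in a row")
    clauses, operators = split_top_level(rule)
    if any(op in ("and", "or") for op in operators):
        findings.append("bare and/or: the documented operator form is -and / -or")
    if len(clauses) > 1 and any(_MEMBEROF.search(c) for c in clauses):
        findings.append("memberOf cannot be combined with other rules")
    return findings
```

An -and inside a parenthesised -any (...) block, as in the assignedPlans rule later in the thread, stays inside its clause and is not reported.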


We have the same issue even if we try just the first part of the syntax.  Do you have a recommendation, or is this memberOf group not a recommended approach?



Works fine on my end with a newly created group with the following syntax:

user.memberof -any (group.objectId -in ['08900da5-dea4-40a2-a9e2-5af3b2f62a16','f94aee6b-9ca7-4477-bb8f-e4079df24a7d'])


It needed some time to populate it, which will vary on the size of your tenant. Other than that, make sure the membership of the “member” groups is set up properly, no nesting, etc.


As an alternative, I have found something like this syntax to leverage the license: (user.assignedPlans -any (assignedPlan.servicePlanId -eq "efb87545-963c-4e0d-99df-69c6916d9eb0" -and assignedPlan.capabilityStatus -eq "Enabled")) -and (user.userPrincipalName -notin ["username1@domain", "username2@domain", "username3@domain"])

My issue is trying to find the GUID for our E5 licenses.  I am not seeing the Service Plan ID in the Admin center, and PowerShell is giving an error as it doesn't recognize the command.  Any recommendations to go down this path?

Thanks in advance.


servicePlanId is a reference for the individual “plans” within a license, not the license as a whole. In the example above, the filter checks for the presence of the Exchange Online Plan 2, and its status. This doesn't always translate to specific SKU/license though, so make sure the logic is correct.

You can get the SKU/plan ids from here: https://learn.microsoft.com/en-us/entra/identity/users/licensing-service-plan-reference

Membership rules on the assignedLicenses property (i.e. the license itself) are not currently possible.

As a workaround you can also consider using a non-dynamic group; see this article by Tony for the details: https://practical365.com/diy-dynamic-microsoft-365-group/

