Forum Discussion
Defining dynamic group member rules for including only external guests: which syntax is valid?
The syntax is really starting to confuse me as I thought this should work . However, I tend to work with internal users so this may not work.
(user.userPrincipalName -contains "@guestdomain.co.uk")
My colleague reckons this is the answer
(user.usermail -contains "@guestdomain.co.uk")
Or his latest suggestion,
(user.userType -eq "Guest") and (user.otherMails -contains "@guestdomain.co.uk")
Normally, I would inspect the AAD but I don't have permissions to AD on the target tenant. Anyway, would be great to stop us both arguing with a proven answer!
The Syntax we use to get all external guests is:
(user.userType -eq "Guest")
This will pick out all of the guest users in the tenant regardless of their domain. If you just want all guest users from a specific domain, then you can filter by domain with this syntax
(user.mail -contains "@company.co.uk")
Just tested both in my tenant and and confirm either way works 👍
One weird bug I found I noticed - when assigning members via user.mail they didn't show up in the new AAD groups preview, but did in the old view.
Hope this helps,
Mark
- HidMovSteel Contributor
The Syntax we use to get all external guests is:
(user.userType -eq "Guest")
This will pick out all of the guest users in the tenant regardless of their domain. If you just want all guest users from a specific domain, then you can filter by domain with this syntax
(user.mail -contains "@company.co.uk")
Just tested both in my tenant and and confirm either way works 👍
One weird bug I found I noticed - when assigning members via user.mail they didn't show up in the new AAD groups preview, but did in the old view.
Hope this helps,
Mark
- Daniel WesterdaleIron Contributor
Thanks for your reply.Yes, we changed the rule syntax first thing morning using similar syntax to you
This has now populated - happy days!
(user.Mail -contains "@extdomain.co.uk") -AND (user.userType -eq "Guest")
This one my my colleague is monitoring to see what happens... fingers crossed eh.
((user.Mail -contains "@extdomain.co.uk") -OR (user.Mail -contains "@otherextdomain.co.uk")) -AND (user.userType -eq "Guest")