Forum Discussion
Defining dynamic group member rules for including only external guests: which syntax is valid?
- Feb 18, 2020
The Syntax we use to get all external guests is:
(user.userType -eq "Guest")
This will pick out all of the guest users in the tenant regardless of their domain. If you just want all guest users from a specific domain, then you can filter by domain with this syntax
(user.mail -contains "@company.co.uk")
Just tested both in my tenant and and confirm either way works 👍
One weird bug I found I noticed - when assigning members via user.mail they didn't show up in the new AAD groups preview, but did in the old view.
Hope this helps,
Mark
The Syntax we use to get all external guests is:
(user.userType -eq "Guest")
This will pick out all of the guest users in the tenant regardless of their domain. If you just want all guest users from a specific domain, then you can filter by domain with this syntax
(user.mail -contains "@company.co.uk")
Just tested both in my tenant and and confirm either way works 👍
One weird bug I found I noticed - when assigning members via user.mail they didn't show up in the new AAD groups preview, but did in the old view.
Hope this helps,
Mark
Thanks for your reply.Yes, we changed the rule syntax first thing morning using similar syntax to you
This has now populated - happy days!
(user.Mail -contains "@extdomain.co.uk") -AND (user.userType -eq "Guest")
This one my my colleague is monitoring to see what happens... fingers crossed eh.
((user.Mail -contains "@extdomain.co.uk") -OR (user.Mail -contains "@otherextdomain.co.uk")) -AND (user.userType -eq "Guest")