Forum Discussion
Richard Bailey
Oct 17, 2017Copper Contributor
Dynamic Group Membership - issue with rule
I created a new Dynamic Group with the following rule: (user.accountEnabled -eq true -and user.employeeID -ne $null) But no members are being added. Can anyone spot what may be the issue?
VasilMichev
MVP
Do you have the necessary licenses applied? The feature requires Azure AD Premium for ALL users in the scope of the rule.
Richard Bailey
Oct 19, 2017Copper Contributor
Ok, that may be the issue. The wording in the documentation was unclear with respect to this. At one point is said the tenant has to have Azure AD Premium; our tenant has P1.
I was actually trying to use this group to assign EMS licenses, therefore the users were not yet licensed.
I just created a group on-premises and synced it, assigning the license to the synced group.
However, after that my Dynamic group is still empty.
This time when I edit the Dynamic membership rule I finally get an error that employeeID is an unsupported property. I modified the rule to use the customized synced property, but the group is still empty.
Somehow my test group, with the simple rule of (user.accountEnabled -eq true) is populated, but with more that 1000 users and we only have 885 EMS licenses.
Dynamic groups is not working consistently.
I was actually trying to use this group to assign EMS licenses, therefore the users were not yet licensed.
I just created a group on-premises and synced it, assigning the license to the synced group.
However, after that my Dynamic group is still empty.
This time when I edit the Dynamic membership rule I finally get an error that employeeID is an unsupported property. I modified the rule to use the customized synced property, but the group is still empty.
Somehow my test group, with the simple rule of (user.accountEnabled -eq true) is populated, but with more that 1000 users and we only have 885 EMS licenses.
Dynamic groups is not working consistently.
- VasilMichevOct 19, 2017MVP
You can always open a support case and get an official answer :)
- jimbarrgpbostonOct 22, 2020Brass Contributor
VasilMichev Not really a solution. In our experience, the average time to closure on any case with Microsoft is 6 weeks or longer. The reality about support is that nobody at Microsoft really knows their products. Also, things should be wizard driven, but are not. So you are crestfallen when after 4 weeks of banging your head against the wall, someone finally tells you, "you don't have the right license".