Forum Discussion
Dynamic Security Groups based on the onpremisesDistinguishedName attribute
Hi to the community
Got an interesting question. I see that you can create dynamic security groups based on a large number of attributes, including onPremisesSecurityIdentifier. I can see some use cases for that one 🙂
However, it doesn't appear to be possible to create a dynamic group based on the onPremisesDistinguishedName 😞 Is this possible?
I did some reading about being able to consume custom attributes based on applicationID. Would this be a possible approach to investigate? If so, does the AADConnect system even register an AppID, and how would I go about locating it?
Thanks for any advice or pointers
The attribute itself is synced/exposed as "onPremisesDistinguishedName", however leveraging that for Dynamic group rules is not possible afaik.
- PeterJ_Inobits (Iron Contributor)
Hi Vasil
I had this confirmed by another source. It's annoying because that ability would have eased a particular issue where the accuracy of data in AD is questionable but the org has a dept/division-based OU structure.
- satishmulay (Copper Contributor)
Hello Vasil,
I just wanted to clarify if the “onPremisesDistinguishedName” attribute is exposed for groups that are synced from on-premises to Azure AD?
Thanks in advance!