Forum Discussion
Azure AD Dynamic Security Groups creation with inclusion and exclusion.
- Jun 08, 2025
Vignesh,
I know this is an old post and I thought I would answer anyhow. While there is a preview to use the memberOf attribute, you can't use memberOf with anything else. Lots of people report issues with memberOf.
While it seems like you could have a group that includes users from another group and excludes people from a third group like this:
user.memberof -any (group.objectId -in ['06df5504-4db6-46d5-b773-be9ff6649ef6'])) -and (-not( user.memberof -any (group.objectid -in ['d8b42618-a53c-4927-8f42-3028044fb020']))
It does not work! When I attempt to use the above rule set it gives me everyone that is in the first group.