Forum Discussion

Daniel Westerdale's avatar
Daniel Westerdale
Iron Contributor
Feb 18, 2020
Solved

Defining dynamic group member rules for including only external guests: which syntax is valid?

    The syntax is really starting to confuse me as I thought this should work . However, I tend to work with internal users so this may not work.   (user.userPrincipalName -contains "@guestdomai...
Azure Active Directory (AAD)
  • HidMov's avatar
    HidMov
    Feb 18, 2020

    Hi Daniel Westerdale 

     

    The Syntax we use to get all external guests is:

     

    (user.userType -eq "Guest")

     

    This will pick out all of the guest users in the tenant regardless of their domain. If you just want all guest users from a specific domain, then you can filter by domain with this syntax

     

    (user.mail -contains "@company.co.uk")

     

    Just tested both in my tenant and and confirm either way works 👍

     

    One weird bug I found I noticed - when assigning members via user.mail they didn't show up in the new AAD groups preview, but did in the old view.

     

    Hope this helps,

    Mark

     

TomerN's avatar
TomerN
Copper Contributor
Jul 14, 2025

The most simple thing you can do is

(user.userType -eq "Guest")

Then you can just add additional filters with "AND" logical operation to the rule.

Resources