Dynamic Group Membership - issue with rule

Question

I created a new Dynamic Group with the following rule:(user.accountEnabled -eq true -and user.employeeID -ne $null)&nbsp;But no members are being added.&nbsp;Can anyone spot what may be the issue?

vasilmichev · Answer

Paranthesis? Try this:&nbsp;(user.accountEnabled -eq true) -and (user.employeeID -ne $null)&nbsp;Well, also the fact that employeeID is not supported. You can find the list of supported proeprties here: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-accessmanagement-groups-with-advanced-rules

richard bailey · Answer

Thanks for the reply. I just added the parenthesis, but it still says 0 members.

I didn't see employeeID in the help document, as you are pointing out, however I did sync employeeID as a custom attribute and tried that custom attribute with varied results.

There was also the recommendation in the help document to use the Graph Explorer to see the attributes, and when I did that I noticed that even though employeeID was not listed in the Dynamic Groups help page, it is there on the user object.

If I intentionally do a typo in employeeID (employeeI for example) the Dynamic memberthip rule editor interface throws an error, so it is validating and accepting the input.

I am stumpted.

Is there any way to troubleshoot this?

vasilmichev · Answer

Cant you use any other attribute from the supported list?

richard bailey · Answer

I just did a new test group with a simple rule of (user.accountEnabled -eq true) and it still came up empty.I think there may be something broken or something fundamental that I am missing.

vasilmichev · Answer

Do you have the necessary licenses applied? The feature requires Azure AD Premium for ALL users in the scope of the rule.

Forum Discussion

Dynamic Group Membership - issue with rule

8 Replies

Resources