Forum Discussion
Richard Bailey
Oct 17, 2017Copper Contributor
Dynamic Group Membership - issue with rule
I created a new Dynamic Group with the following rule: (user.accountEnabled -eq true -and user.employeeID -ne $null) But no members are being added. Can anyone spot what may be the issue?
Richard Bailey
Oct 17, 2017Copper Contributor
Thanks for the reply. I just added the parenthesis, but it still says 0 members.
I didn't see employeeID in the help document, as you are pointing out, however I did sync employeeID as a custom attribute and tried that custom attribute with varied results.
There was also the recommendation in the help document to use the Graph Explorer to see the attributes, and when I did that I noticed that even though employeeID was not listed in the Dynamic Groups help page, it is there on the user object.
If I intentionally do a typo in employeeID (employeeI for example) the Dynamic memberthip rule editor interface throws an error, so it is validating and accepting the input.
I am stumpted.
Is there any way to troubleshoot this?
VasilMichev
Oct 17, 2017MVP
Cant you use any other attribute from the supported list?
- Richard BaileyOct 17, 2017Copper ContributorI just did a new test group with a simple rule of (user.accountEnabled -eq true) and it still came up empty.
I think there may be something broken or something fundamental that I am missing.- VasilMichevOct 18, 2017MVP
Do you have the necessary licenses applied? The feature requires Azure AD Premium for ALL users in the scope of the rule.
- Richard BaileyOct 19, 2017Copper ContributorOk, that may be the issue. The wording in the documentation was unclear with respect to this. At one point is said the tenant has to have Azure AD Premium; our tenant has P1.
I was actually trying to use this group to assign EMS licenses, therefore the users were not yet licensed.
I just created a group on-premises and synced it, assigning the license to the synced group.
However, after that my Dynamic group is still empty.
This time when I edit the Dynamic membership rule I finally get an error that employeeID is an unsupported property. I modified the rule to use the customized synced property, but the group is still empty.
Somehow my test group, with the simple rule of (user.accountEnabled -eq true) is populated, but with more that 1000 users and we only have 885 EMS licenses.
Dynamic groups is not working consistently.