Jul 04 2019
04:55 AM
- last edited on
Jan 14 2022
04:38 PM
by
TechCommunityAP
We want to create several groups based on the value that we fill into the field CustomAttribute1.
Our environment is not AD Synced. We're working in the cloud with all our applications and services.
When we check the value of the attributes in the Exchange Admin Center, everything is filled in correctly. But our groups are not filled with members, and there is no error.
Why are our groups not populated with users?
Jul 04 2019 07:03 AM
@Johan Pauly Hi, how are your rules for the dynamic groups set up?
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
Jul 04 2019 07:15 AM
Hello,
this rule is very simple: (user.extensionAttribute1 -eq "xxxxxxxxxxxxx")
@Viktor Hedberg wrote: @Johan Pauly Hi, how are your rules for the dynamic groups set up?
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
Jul 04 2019 07:45 AM
Jul 04 2019 07:50 AM
Jul 04 2019 09:44 AM
Solution
Jul 05 2019 12:16 AM
Sep 10 2019 04:57 AM
Hello,
you can use custom properties for membership of dynamic Azure AD groups without on-premises AD sync.
However, these custom properties are not the ones you can set in EAC!
Despite them being called "onPremisesExtensionAttributes", you can use them without AD sync.
The rules you can make with them for dynamic Azure AD group membership are much more powerful than the EAC custom attributes (which you can use only for dynamic distribution groups, not for Azure AD dynamic groups), you'll like it!
The recommended way to get/set these properties is using MS Graph (as far as I could find out, there exists a - more complex - way for setting them with PowerShell, but I could find no way to retrieve them with PowerShell).
To get these custom properties (and check there's no on premises sync):
GET https://graph.microsoft.com/v1.0/users/<id or principal name>?$select=onPremisesSyncEnabled,onPremisesExtensionAttributes
If onPremisesSyncEnabled is null or false, you can set them like this:
PATCH https://graph.microsoft.com/v1.0/users/<id or principal name>
with a request body like this:
{
"onPremisesExtensionAttributes": {
"extensionAttribute1": "any string you like",
"extensio...
You can test the above requests in Graph Explorer (https://developer.microsoft.com/en-us/graph/graph-explorer).
More info here: https://docs.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0
Best regards,
Tom
Sep 10 2019 05:15 AM
My post above appeared a little screwed up, hope the commands will be readable this time:
getting:
GET https://graph.microsoft.com/v1.0/users/id_or_principalname_here?$select=onPremisesSyncEnabled,onPremisesExtensionAttributes
setting:
PATCH https://graph.microsoft.com/v1.0/users/id_or_principalname_here
with a request body like this:
{
"onPremisesExtensionAttributes": {
"extensionAttribute1": "any string you want",
"extensionAttribute2": "some other string",
"extensionAttribute3": null,
"extensionAttribute4": null,
"extensionAttribute5": null,
"extensionAttribute6": null,
"extensionAttribute7": null,
"extensionAttribute8": null,
"extensionAttribute9": null,
"extensionAttribute10": null,
"extensionAttribute11": null,
"extensionAttribute12": null,
"extensionAttribute13": null,
"extensionAttribute14": null,
"extensionAttribute15": null
}
}
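An offline sketch of the check-then-set sequence from the answer above, added here as an example and not code from any poster: it reads the two fields returned by the GET, skips users where onPremisesSyncEnabled is true, and builds the PATCH for review without sending it. The function names, sample users and the value "sales" are constructed; that a body with a single attribute leaves the other fourteen unchanged is an assumption.

```python
import json
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"
SELECT = "onPremisesSyncEnabled,onPremisesExtensionAttributes"
VALID = {f"extensionAttribute{i}" for i in range(1, 16)}

def get_url(user):
    """GET URL from the post; `user` is an object id or principal name."""
    return f"{GRAPH}/users/{quote(user, safe='@')}?$select={SELECT}"

def plan_patch(doc, attr, value):
    """Classify one user document returned by the GET.

    Returns (action, request): action is "skip-synced", "unchanged" or
    "patch"; request is a dict for "patch" and None otherwise.
    """
    if attr not in VALID:
        raise ValueError(f"not an extension attribute: {attr}")
    # The post's condition: write only when onPremisesSyncEnabled is null or false.
    if doc.get("onPremisesSyncEnabled"):
        return "skip-synced", None
    # The attribute object itself may be null on a user that never had one set.
    current = (doc.get("onPremisesExtensionAttributes") or {}).get(attr)
    if current == value:
        return "unchanged", None
    # Assumption: sending only this attribute leaves the others untouched.
    body = {"onPremisesExtensionAttributes": {attr: value}}
    url = f"{GRAPH}/users/{quote(doc['id'], safe='@')}"
    return "patch", {"method": "PATCH", "url": url, "body": json.dumps(body)}

def plan_all(users, attr, value):
    """Map each user id to its planned action, so writes can be reviewed first."""
    return {u["id"]: plan_patch(u, attr, value) for u in users}

# Constructed sample GET responses (not real tenant data).
SAMPLE_USERS = [
    {"id": "00000000-0000-0000-0000-000000000001", "onPremisesSyncEnabled": None,
     "onPremisesExtensionAttributes": None},
    {"id": "00000000-0000-0000-0000-000000000002", "onPremisesSyncEnabled": False,
     "onPremisesExtensionAttributes": {"extensionAttribute1": "sales"}},
    {"id": "00000000-0000-0000-0000-000000000003", "onPremisesSyncEnabled": True,
     "onPremisesExtensionAttributes": {"extensionAttribute1": None}},
]

if __name__ == "__main__":
    plan = plan_all(SAMPLE_USERS, "extensionAttribute1", "sales")
    for uid, (action, req) in plan.items():
        print(uid, action, req or "")
```

Because this attribute drives dynamic group membership, reviewing the planned PATCH list before sending it shows exactly which accounts will join the group.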
Sep 10 2019 05:18 AM
Mar 25 2022 05:43 AM - edited Mar 25 2022 05:50 AM