SOLVED
Home

Creating dynamic groups with custom attribute

%3CLINGO-SUB%20id%3D%22lingo-sub-738069%22%20slang%3D%22en-US%22%3ECreating%20dynamic%20groups%20with%20custom%20attribute%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-738069%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20want%20to%20create%20several%20groups%20based%20on%20the%20value%20that%20we%20fill%20into%20the%20field%20CustomAttribute1.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOur%20environment%20is%20not%20AD%20Synced.%20We're%20working%20in%20the%20cloud%20with%20all%20our%20applications%20and%20services.%3C%2FP%3E%3CP%3EWhen%20we%20check%20the%20value%20of%20the%20attributes%20in%20the%20Exchange%20Admin%20Center%2C%20everything%20is%20filled%20in%20correctly.%20But%20our%20groups%20are%20not%20filled%20with%20members%2C%20and%20there%20is%20no%20error.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhy%20are%20our%20groups%20not%20populated%20with%20users%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-738069%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EEMS%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-738360%22%20slang%3D%22en-US%22%3ERe%3A%20Creating%20dynamic%20groups%20with%20custom%20attribute%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-738360%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F3110%22%20target%3D%22_blank%22%3E%40Johan%20Pauly%3C%2FA%3E%26nbsp%3BHi%2C%20how%20are%20your%20rules%20for%20the%20dynamic%20groups%20set%20up%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fgroups-dynamic-membership%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fgroups-dynamic-membership%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-738388%22%20slang%3D%22en-US%22%3ERe%3A%20Creating%20dynamic%20groups%20with%20custom%20attribute%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-738388%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F26736%22%20target%3D%22_blank%22%3E%40Viktor%20Hedberg%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3Ethis%20rule%20is%20very%20simple%3A%26nbsp%3B(user.extensionAttribute1%20-eq%20%22xxxxxxxxxxxxx%22)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CBLOCKQUOTE%3E%3CHR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F26736%22%20target%3D%22_blank%22%3E%40Viktor%20Hedberg%3C%2FA%3E%26nbsp%3Bwrote%3A%3CBR%20%2F%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F3110%22%20target%3D%22_blank%22%3E%40Johan%20Pauly%3C%2FA%3E%26nbsp%3BHi%2C%20how%20are%20your%20rules%20for%20the%20dynamic%20groups%20set%20up%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fgroups-dynamic-membership%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fgroups-dynamic-membership%3C%2FA%3E%3C%2FP%3E%3CHR%20%2F%3E%3C%2FBLOCKQUOTE%3E%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-738517%22%20slang%3D%22en-US%22%3ERe%3A%20Creating%20dynamic%20groups%20with%20custom%20attribute%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-738517%22%20slang%3D%22en-US%22%3EHi%20again%2C%3CBR%20%2F%3E%3CBR%20%2F%3EJust%20to%20be%20clear.%20Are%20we%20talking%20about%20Dynamic%20Azure%20AD%20Groups%20or%20Dynamic%20Distribution%20Groups%3F%3CBR%20%2F%3E%3CBR%20%2F%3E%2FViktor%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-738518%22%20slang%3D%22en-US%22%3ERe%3A%20Creating%20dynamic%20groups%20with%20custom%20attribute%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-738518%22%20slang%3D%22en-US%22%3EHi%20again%2C%3CBR%20%2F%3E%3CBR%20%2F%3EJust%20to%20be%20clear.%20Are%20we%20talking%20about%20Dynamic%20Azure%20AD%20Groups%20or%20Dynamic%20Distribution%20Groups%3F%3CBR%20%2F%3E%3CBR%20%2F%3E%2FViktor%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-738520%22%20slang%3D%22en-US%22%3ERe%3A%20Creating%20dynamic%20groups%20with%20custom%20attribute%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-738520%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F26736%22%20target%3D%22_blank%22%3E%40Viktor%20Hedberg%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt's%20about%20Dynamic%20Azure%20AD%20Groups.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-738638%22%20slang%3D%22en-US%22%3ERe%3A%20Creating%20dynamic%20groups%20with%20custom%20attribute%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-738638%22%20slang%3D%22en-US%22%3EYeah%2C%20right.%20The%20ExtensionAttribute%20you%20are%20referring%20to%20is%20present%20on%20the%20Exhange%20Mailbox%3F%3CBR%20%2F%3E%3CBR%20%2F%3EAzure%20AD%20dynamic%20group%20rules%20does%20not%20as%20to%20my%20knowledge%20let%20you%20use%20Exchange%20Extension%20Attributes%20from%20out-of-the%20box.%3CBR%20%2F%3E%3CBR%20%2F%3ESince%20you%20also%20stated%20that%20there%20is%20no%20AAD%20Connect%20Sync%20in%20place%2C%20I%20would%20try%20another%20attribute.%20The%20ExtensionAttributes%20reffered%20to%20in%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fgroups-dynamic-membership%23extension-properties-and-custom-extension-properties%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fgroups-dynamic-membership%23extension-properties-and-custom-extension-properties%3C%2FA%3E%20are%20those%20coming%20from%20on-prem%20AD%20via%20sync.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-738988%22%20slang%3D%22en-US%22%3ERe%3A%20Creating%20dynamic%20groups%20with%20custom%20attribute%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-738988%22%20slang%3D%22en-US%22%3EThat%20is%20also%20what%20I%20thought.%20But%20I%20was%20not%20sure%20about%20it.%3CBR%20%2F%3EAs%20your%20said%2C%20these%20ExtensionAttributes%20are%20present%20on%20the%20Exchange%20mailbox.%20About%20using%20another%20attribute%2C%20it's%20difficult.%20We%20want%20to%20use%20a%20specific%20value%20to%20populate%20these%20groups.%3CBR%20%2F%3EThanks%20for%20your%20answers.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-846464%22%20slang%3D%22en-US%22%3ERe%3A%20Creating%20dynamic%20groups%20with%20custom%20attribute%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-846464%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eyou%20can%20use%20custom%20properties%20for%20membership%20of%20dynamic%20azure%20ad%20groups%20without%20on%20permises%20AD%20sync.%3CBR%20%2F%3EHowever%2C%20these%20custom%20properties%20are%20not%20the%20ones%20you%20can%20set%20in%20EAC!%3C%2FP%3E%3CP%3EDespite%20them%20being%20called%20%22onPremisesExtensionAttributes%22%2C%20you%20can%20use%20them%20without%20ad%20sync.%3C%2FP%3E%3CP%3EThe%20rules%20you%20can%20make%20with%20them%20for%20dynamic%20azure%20AD%20group%20membership%2C%20are%20much%20more%20powerful%20than%20the%20EAC%20custom%20attributes%20(which%20you%20can%20use%20only%20for%20dynamic%20distribution%20groups%2C%20not%20for%20azure%20ad%20dynamic%20groups)%2C%20you'll%20like%20it!%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EThe%20recommended%20way%20to%20get%2Fset%20these%20properties%20is%20using%20ms%20graph%20(as%20far%20as%20I%20could%20find%20out%2C%20there%20exists%20a%20-%20more%20complex%20-%20way%20for%20setting%20them%20with%20powershell%2C%26nbsp%3B%20but%20I%20could%20find%20no%20way%20to%20retrieve%20them%20with%20powershell).%3CBR%20%2F%3E%3CBR%20%2F%3ETo%20get%20these%20custom%26nbsp%3B%20properties%20(and%20check%20there's%20no%20on%20premises%20sync)%3A%3C%2FP%3E%3CP%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%3EGET%20%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2F%26lt%3Bid%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2F%3CID%3E%26lt%3B%20a%3D%22%22%26gt%3B%20or%20principa%3C%2FID%3E%3C%2FA%3E%3C%2FFONT%3E%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2F%26lt%3Bid%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%3El%20name%26gt%3B%3F%24select%3DonPremisesSyncEnabled%2ConPremisesExtensionAttributes%3C%2FFONT%3E%3CBR%20%2F%3E%3C%2FSPAN%3E%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2F%26lt%3Bid%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%3EIf%20there's%20no%20on%20premises%20sync%2C%26nbsp%3BonPremisesSyncEnabled%20is%20null%20(if%26nbsp%3BonPremisesSyncEnabled%20is%20true%2C%20these%20come%20from%20on%20premises%20sync%20and%20these%20custom%20properties%20are%20read-only%20in%20azure%20AD).%3C%2FSPAN%3E%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2F%26lt%3Bid%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%26nbsp%3B%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2F%26lt%3Bid%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%3EIf%26nbsp%3BonPremisesSyncEnabled%20is%20null%20or%20false%2C%20you%20can%20set%20them%20like%20this%20%3A%3C%2FSPAN%3E%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2F%26lt%3Bid%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%3EPATCH%26nbsp%3B%3C%2FFONT%3E%3C%2FA%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%3E%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2F%26lt%3Bid%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2F%3CID%3E%26lt%3B%20a%3D%22%22%26gt%3B%20or%20principa%3CSPAN%3El%20name%26gt%3B%3C%2FSPAN%3E%3C%2FID%3E%3C%2FA%3E%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2F%26lt%3Bid%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%3Ewith%20a%20request%20body%20like%20this%20%3A%3C%2FSPAN%3E%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2F%26lt%3Bid%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%20size%3D%222%22%3E%7B%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%20size%3D%222%22%3E%26nbsp%3B%22onPremisesExtensionAttributes%22%3A%20%7B%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%20size%3D%222%22%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute1%22%3A%20%22any%20string%20you%20like%22%2C%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%20size%3D%222%22%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute2%22%3A%20%22another%20string%22%2C%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%20size%3D%222%22%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute3%22%3A%20null%2C%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%20size%3D%222%22%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute4%22%3A%20null%2C%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%20size%3D%222%22%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute5%22%3A%20null%2C%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%20size%3D%222%22%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute6%22%3A%20null%2C%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%20size%3D%222%22%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute7%22%3A%20null%2C%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%20size%3D%222%22%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute8%22%3A%20null%2C%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%20size%3D%222%22%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute9%22%3A%20null%2C%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%20size%3D%222%22%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute10%22%3A%20null%2C%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%20size%3D%222%22%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute11%22%3A%20null%2C%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%20size%3D%222%22%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute12%22%3A%20null%2C%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%20size%3D%222%22%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute13%22%3A%20null%2C%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%20size%3D%222%22%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute14%22%3A%20null%2C%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%20size%3D%222%22%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute15%22%3A%20null%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%20size%3D%222%22%3E%26nbsp%3B%7D%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%20size%3D%222%22%3E%7D%3C%2FFONT%3E%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2F%26lt%3Bid%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%26nbsp%3B%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2F%26lt%3Bid%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EYou%20can%20test%20the%20above%20requests%20in%20graph%20explorer%20(%3C%2FA%3E%3CA%20href%3D%22https%3A%2F%2Fdeveloper.microsoft.com%2Fen-us%2Fgraph%2Fgraph-explorer%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdeveloper.microsoft.com%2Fen-us%2Fgraph%2Fgraph-explorer%3C%2FA%3E).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMore%20info%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fgraph%2Fapi%2Fresources%2Fuser%3Fview%3Dgraph-rest-1.0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fgraph%2Fapi%2Fresources%2Fuser%3Fview%3Dgraph-rest-1.0%3C%2FA%3E%3C%2FP%3E%3CP%3Eand%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fgraph%2Fapi%2Fresources%2Fonpremisesextensionattributes%3Fview%3Dgraph-rest-1.0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fgraph%2Fapi%2Fresources%2Fonpremisesextensionattributes%3Fview%3Dgraph-rest-1.0%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBest%20regards%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETom%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-846473%22%20slang%3D%22en-US%22%3ERe%3A%20Creating%20dynamic%20groups%20with%20custom%20attribute%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-846473%22%20slang%3D%22en-US%22%3E%3CP%3EMy%20post%20above%20appearded%20a%20little%20screwed%20up%2C%20hope%20the%20commands%20will%20be%20readable%20this%20time%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Egetting%3A%3C%2FP%3E%3CP%3EGET%20%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2Fid_or_%26lt%3Bid%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2Fid_or_%3CID%3E%3C%2FID%3E%3C%2FA%3E%26lt%3B%20a%3D%22%22%26gt%3Bprincipa%3C%2FP%3E%3C%2FLINGO-BODY%3Elname_here%3F%24select%3DonPremisesSyncEnabled%2ConPremisesExtensionAttributes%3CP%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Esetting%3A%3C%2FP%3E%3CP%3EPATCH%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2Fid_or_%26lt%3Bid%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2Fid_or_%3CID%3E%3C%2FID%3E%3C%2FA%3E%26lt%3B%20a%3D%22%22%26gt%3Bprincipalname_here%3C%2FP%3E%3CP%3Ewith%26nbsp%3B%20a%20request%20body%20like%20this%3A%3C%2FP%3E%3CP%3E%7B%3CBR%20%2F%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22onPremisesExtensionAttributes%22%3A%20%7B%3CBR%20%2F%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute1%22%3A%20%22any%20string%20you%20want%22%2C%3CBR%20%2F%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute2%22%3A%20%22some%20other%20string%22%2C%3CBR%20%2F%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute3%22%3A%20null%2C%3CBR%20%2F%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute4%22%3A%20null%2C%3CBR%20%2F%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute5%22%3A%20null%2C%3CBR%20%2F%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute6%22%3A%20null%2C%3CBR%20%2F%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute7%22%3A%20null%2C%3CBR%20%2F%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute8%22%3A%20null%2C%3CBR%20%2F%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute9%22%3A%20null%2C%3CBR%20%2F%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute10%22%3A%20null%2C%3CBR%20%2F%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute11%22%3A%20null%2C%3CBR%20%2F%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute12%22%3A%20null%2C%3CBR%20%2F%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute13%22%3A%20null%2C%3CBR%20%2F%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute14%22%3A%20null%2C%3CBR%20%2F%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22extensionAttribute15%22%3A%20null%3CBR%20%2F%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%7D%3CBR%20%2F%3E%7D%3C%2FP%3E%3CLINGO-SUB%20id%3D%22lingo-sub-846487%22%20slang%3D%22en-US%22%3ERe%3A%20Creating%20dynamic%20groups%20with%20custom%20attribute%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-846487%22%20slang%3D%22en-US%22%3EGET%20%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2Fuserid%3F%24select%3DonPremisesSyncEnabled%2ConPremisesExtensionAttributes%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2Fuserid%3F%24select%3DonPremisesSyncEnabled%2ConPremisesExtensionAttributes%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EPATCH%20%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2Fuserid%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2Fuserid%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3Eyou%20can%20use%20id%20or%20principalname%20as%20userid%3C%2FLINGO-BODY%3E
Johan Pauly
Contributor

We want to create several groups based on the value that we fill into the field CustomAttribute1. 

 

Our environment is not AD Synced. We're working in the cloud with all our applications and services.

When we check the value of the attributes in the Exchange Admin Center, everything is filled in correctly. But our groups are not filled with members, and there is no error.

 

Why are our groups not populated with users?

9 Replies

@Viktor Hedberg 

 

Hello,

this rule is very simple: (user.extensionAttribute1 -eq "xxxxxxxxxxxxx")

 


@Viktor Hedberg wrote:

@Johan Pauly Hi, how are your rules for the dynamic groups set up? 

 

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership




 

Hi again,

Just to be clear. Are we talking about Dynamic Azure AD Groups or Dynamic Distribution Groups?

/Viktor

@Viktor Hedberg 

 

It's about Dynamic Azure AD Groups.

Solution
Yeah, right. The ExtensionAttribute you are referring to is present on the Exhange Mailbox?

Azure AD dynamic group rules does not as to my knowledge let you use Exchange Extension Attributes from out-of-the box.

Since you also stated that there is no AAD Connect Sync in place, I would try another attribute. The ExtensionAttributes reffered to in https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership... are those coming from on-prem AD via sync.
That is also what I thought. But I was not sure about it.
As your said, these ExtensionAttributes are present on the Exchange mailbox. About using another attribute, it's difficult. We want to use a specific value to populate these groups.
Thanks for your answers.

Hello,

 

you can use custom properties for membership of dynamic azure ad groups without on permises AD sync.
However, these custom properties are not the ones you can set in EAC!

Despite them being called "onPremisesExtensionAttributes", you can use them without ad sync.

The rules you can make with them for dynamic azure AD group membership, are much more powerful than the EAC custom attributes (which you can use only for dynamic distribution groups, not for azure ad dynamic groups), you'll like it!


The recommended way to get/set these properties is using ms graph (as far as I could find out, there exists a - more complex - way for setting them with powershell,  but I could find no way to retrieve them with powershell).

To get these custom  properties (and check there's no on premises sync):

GET https://graph.microsoft.com/v1.0/users/<id< a=""> or principa</id<>l name>?$select=onPremisesSyncEnabled,onPremisesExtensionAttributes

If there's no on premises sync, onPremisesSyncEnabled is null (if onPremisesSyncEnabled is true, the...

 

If onPremisesSyncEnabled is null or false, you can set them like this :

PATCH https://graph.microsoft.com/v1.0/users/<id< a=""> or principal name></id<>

with a request body like this :

{
 "onPremisesExtensionAttributes": {
     "extensionAttribute1": "any string you like",
     "extensio...














 

You can test the above requests in graph explorer (https://developer.microsoft.com/en-us/graph/graph-explorer).

 

More info here: https://docs.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0

and here: https://docs.microsoft.com/en-us/graph/api/resources/onpremisesextensionattributes?view=graph-rest-1...

 

 

Best regards,

 

Tom

My post above appearded a little screwed up, hope the commands will be readable this time:

 

getting:

GET https://graph.microsoft.com/v1.0/users/id_or_<id< a="">principa</id<>lname_here?$select=onPremisesSyncEnabled,onPremisesExtensionAttributes

 

setting:

PATCH https://graph.microsoft.com/v1.0/users/id_or_<id< a="">principa</id<>lname_here

with  a request body like this:

{
     "onPremisesExtensionAttributes": {
          "extensionAttribute1": "any string you want",
          "extensionAttribute2": "some other string",
          "extensionAttribute3": null,
          "extensionAttribute4": null,
          "extensionAttribute5": null,
          "extensionAttribute6": null,
          "extensionAttribute7": null,
          "extensionAttribute8": null,
          "extensionAttribute9": null,
          "extensionAttribute10": null,
          "extensionAttribute11": null,
          "extensionAttribute12": null,
          "extensionAttribute13": null,
          "extensionAttribute14": null,
          "extensionAttribute15": null
     }
}

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies