Dynamic membership rules

%3CLINGO-SUB%20id%3D%22lingo-sub-1977561%22%20slang%3D%22en-US%22%3EDynamic%20membership%20rules%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1977561%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%20I%20need%20to%20create%20a%20dynamic%20group%20that%20contains%20only%20active%20users%2C%20and%20I%20would%20like%20to%20filter%20other%20Azure%20AD%20attributes%2C%20such%20as%20the%20position%20for%20example.%3CBR%20%2F%3EI%20was%20not%20able%20to%20proceed%20even%20analyzing%20the%20documentation.%3CBR%20%2F%3EDoes%20anyone%20have%20experience%20with%20creating%20custom%20dynamic%20association%20rules%3F%20Is%20it%20possible%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1977561%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAutomation%20%26amp%3B%20Control%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EGroups%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EUsers%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1981623%22%20slang%3D%22en-US%22%3ERe%3A%20Dynamic%20membership%20rules%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1981623%22%20slang%3D%22en-US%22%3EHello%2C%3CBR%20%2F%3E%3CBR%20%2F%3EIt%20is%20all%20explained%20here%20%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fenterprise-users%2Fgroups-dynamic-membership%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fenterprise-users%2Fgroups-dynamic-membership%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EAn%20example%20of%20active%20users%20is%20the%20below%2C%20taken%20from%20the%20link%20above%3A%3CBR%20%2F%3EProperties%20Allowed%20values%20Usage%3CBR%20%2F%3EaccountEnabled%20true%20false%20user.accountEnabled%20-eq%20true%3CBR%20%2F%3EdirSyncEnabled%20true%20false%20user.dirSyncEnabled%20-eq%20true%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3EKeep%20in%20mind%20that%20this%20feature%20requires%20an%20Azure%20AD%20Premium%20P1%20license%20for%20each%20unique%20user%20that%20is%20a%20member%20of%20one%20or%20more%20dynamic%20groups.%20You%20don't%20have%20to%20assign%20licenses%20to%20users%20for%20them%20to%20be%20members%20of%20dynamic%20groups%2C%20but%20you%20must%20have%20the%20minimum%20number%20of%20licenses%20in%20the%20Azure%20AD%20organization%20to%20cover%20all%20such%20users.%20For%20example%2C%20if%20you%20had%20a%20total%20of%201%2C000%20unique%20users%20in%20all%20dynamic%20groups%20in%20your%20organization%2C%20you%20would%20need%20at%20least%201%2C000%20licenses%20for%20Azure%20AD%20Premium%20P1%20to%20meet%20the%20license%20requirement.%3C%2FLINGO-BODY%3E
New Contributor

Hello, I need to create a dynamic group that contains only active users, and I would like to filter other Azure AD attributes, such as the position for example.
I was not able to proceed even analyzing the documentation.
Does anyone have experience with creating custom dynamic association rules? Is it possible?

1 Reply
Hello,

It is all explained here : https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership

An example of active users is the below, taken from the link above:
Properties Allowed values Usage
accountEnabled true false user.accountEnabled -eq true
dirSyncEnabled true false user.dirSyncEnabled -eq true


Keep in mind that this feature requires an Azure AD Premium P1 license for each unique user that is a member of one or more dynamic groups. You don't have to assign licenses to users for them to be members of dynamic groups, but you must have the minimum number of licenses in the Azure AD organization to cover all such users. For example, if you had a total of 1,000 unique users in all dynamic groups in your organization, you would need at least 1,000 licenses for Azure AD Premium P1 to meet the license requirement.