Forum Discussion

Timo_Schuldt's avatar
Timo_Schuldt
Brass Contributor
Feb 21, 2023

Exclude members of specific group from dynamic group

Hello,

 

is there a way to exclude users from a group (Group A) from a dynamic Group (Group B)?

Couldn't find a matching rule yet.

 

Appreciate the help

  • Jan Bakker's avatar
    Jan Bakker
    Iron Contributor
    Hey mate, not sure what the goals is here, but there are some limitations:

    When adding members of security groups to memberOf dynamic groups, only direct members of the security group become members of the dynamic group.

    You can't use one memberOf dynamic group to define the membership of another memberOf dynamic groups. For example, Dynamic Group A, with members of group B and C in it, can't be a member of Dynamic Group D).

    MemberOf can't be used with other rules. For example, a rule that states dynamic group A should contain members of group B and also should contain only users located in Redmond will fail.

    Dynamic group rule builder and validate feature can't be used for memberOf at this time.

    MemberOf can't be used with other operators. For example, you can't create a rule that states “Members Of group A can't be in Dynamic group B.”

    https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-rule-member-of

Resources