insufficient privileges to remove member out of security group - im global admin

%3CLINGO-SUB%20id%3D%22lingo-sub-2278851%22%20slang%3D%22en-US%22%3Einsufficient%20privileges%20to%20remove%20member%20out%20of%20security%20group%20-%20im%20global%20admin%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2278851%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWas%20wondering%20if%20you%20can%20help.%20I%20am%20a%20global%20admin%20and%20I%20cant%20seem%20to%20remove%20users%20out%20of%20this%20security%20group%3A%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Screenshot%202021-04-20%20at%209.46.32%20AM.png%22%20style%3D%22width%3A%20908px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F274021iBD8BE819CB761ABE%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Screenshot%202021-04-20%20at%209.46.32%20AM.png%22%20alt%3D%22Screenshot%202021-04-20%20at%209.46.32%20AM.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20ideas%20why%20I%20would%20get%20this%20message%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2278851%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAnalytics%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EApp%20Services%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20Bots%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20Essentials%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20Resource%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20Stack%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EData%20%2B%20Storage%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ENetworking%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPatch%20%26amp%3B%20Change%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EProtection%20%26amp%3B%20Recovery%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%20%26amp%3B%20Compliance%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2278981%22%20slang%3D%22en-US%22%3ERe%3A%20insufficient%20privileges%20to%20remove%20member%20out%20of%20security%20group%20-%20im%20global%20admin%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2278981%22%20slang%3D%22en-US%22%3EIf%20your%20GA%20privileged%20apparently%20it%20should%20work%20for%20you.%20May%20I%20know%20what%20is%20the%20group%20type%20is%20that%20Dynamic%20Users%22%20or%20%22Dynamic%20device%22%20and%20also%20share%20the%20Dynamic%20membership%20rules%20property%20screenshot%20to%20understand%20what%20was%20configured%20in%20Group%20dynamic%20to%20feed%20further.%20Thanks!%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2278955%22%20slang%3D%22en-US%22%3ERe%3A%20insufficient%20privileges%20to%20remove%20member%20out%20of%20security%20group%20-%20im%20global%20admin%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2278955%22%20slang%3D%22en-US%22%3EThe%20%22add%20expression%22%20is%20greyed%20out%20for%20me%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2278942%22%20slang%3D%22en-US%22%3ERe%3A%20insufficient%20privileges%20to%20remove%20member%20out%20of%20security%20group%20-%20im%20global%20admin%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2278942%22%20slang%3D%22en-US%22%3ECheck%20the%20Security%20group%20type%20as%20set%20to%20%22Dynamic%20Users%22%20or%20%22Dynamic%20device%22%20type%20and%20then%20navigate%20to%20the%20group%20if%20suppose%20Dynamic%20User%20type%20where%20you%20have%20to%20validate%20Dynamic%20membership%20rules%20property%20defined%20to%20query%20from%20AD%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fitops-talk-blog%2Fdynamic-groups-in-azure-ad-and-microsoft-365%2Fbc-p%2F2269553%23M1563%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fitops-talk-blog%2Fdynamic-groups-in-azure-ad-and-microsoft-365%2Fbc-p%2F2269553%23M1563%3C%2FA%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2278920%22%20slang%3D%22en-US%22%3ERe%3A%20insufficient%20privileges%20to%20remove%20member%20out%20of%20security%20group%20-%20im%20global%20admin%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2278920%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20thanks%20for%20this.%20So%20I%20need%20to%20remove%20one%20member%20who%20shouldn't%20be%20apart%20of%20the%20group.%3CBR%20%2F%3EHow%20do%20I%20do%20this%3CBR%20%2F%3EThis%20is%20the%20rule%20syntax%3A%3CBR%20%2F%3E(user.extension_fe2174665583431c953114ff7268b7b3_Education_ObjectType%20-eq%20%22Teacher%22)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2278918%22%20slang%3D%22en-US%22%3ERe%3A%20insufficient%20privileges%20to%20remove%20member%20out%20of%20security%20group%20-%20im%20global%20admin%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2278918%22%20slang%3D%22en-US%22%3ESeems%20your%20screenshot%20looks%20that%20the%20group%20type%20is%20Dynamic%2C%20by%20theory%20this%20option.%2C%3CBR%20%2F%3EDynamic%20user.%20Lets%20you%20use%20dynamic%20membership%20rules%20to%20automatically%20add%20and%20remove%20members.%20If%20a%20member's%20attributes%20change%2C%20the%20system%20looks%20at%20your%20dynamic%20group%20rules%20for%20the%20directory%20to%20see%20if%20the%20member%20meets%20the%20rule%20requirements%20(is%20added)%20or%20no%20longer%20meets%20the%20requirements%20of%20the%20rule%20(is%20removed).%3C%2FLINGO-BODY%3E
Regular Contributor

Hi all, 

 

Was wondering if you can help. I am a global admin and I cant seem to remove users out of this security group: 

 

Screenshot 2021-04-20 at 9.46.32 AM.png

 

Any ideas why I would get this message? 

 

5 Replies
Seems your screenshot looks that the group type is Dynamic, by theory this option.,
Dynamic user. Lets you use dynamic membership rules to automatically add and remove members. If a member's attributes change, the system looks at your dynamic group rules for the directory to see if the member meets the rule requirements (is added) or no longer meets the requirements of the rule (is removed).

Hi thanks for this. So I need to remove one member who shouldn't be apart of the group.
How do I do this
This is the rule syntax:
(user.extension_fe2174665583431c953114ff7268b7b3_Education_ObjectType -eq "Teacher")

Check the Security group type as set to "Dynamic Users" or "Dynamic device" type and then navigate to the group if suppose Dynamic User type where you have to validate Dynamic membership rules property defined to query from AD

https://techcommunity.microsoft.com/t5/itops-talk-blog/dynamic-groups-in-azure-ad-and-microsoft-365/...
The "add expression" is greyed out for me?
If your GA privileged apparently it should work for you. May I know what is the group type is that Dynamic Users" or "Dynamic device" and also share the Dynamic membership rules property screenshot to understand what was configured in Group dynamic to feed further. Thanks!