cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

dynamic group based on assigned license

PatrickF11
Regular Contributor

‎Jul 11 2019 03:00 AM

‎Jul 11 2019 03:00 AM

dynamic group based on assigned license

Hi,

 

is it possible to create a group with users based on a assigned license?

So i want to include all users into this specific group who has e.g. an E3 license assigned, but not an E5.

 

It seems, that the only way is to use the a ServicePlan name, not a SKU name, isn't it?

Even better would be a dynamic membership rule based on the SKU, not on a ServicePlan.

 

What i tried to do:

1. Get-MsolAccountSKU to find out the SKU name

2. Created a dynamic group without knowing which syntax to use :D

3. Used this dynamic membership rule as a workaround:

(user.assignedPlans -any ((assignedPlan.service -match "NAME") -and (assignedPlan.capabilityStatus -eq "Enabled")))

 

(I found the ServicePlan names via Get-MsolAccountSku | Where-Object {$_.SkuPartNumber -eq “ENTERPRISEPREMIUM”} | ForEach-Object {$_.ServiceStatus}

 

Thank you ina advance.

Patrick :)

Labels:
3,048 Views
0 Likes
7 Replies
Reply
7 Replies
adam deltinger

‎Jul 11 2019 03:16 AM

‎Jul 11 2019 03:16 AM

Re: dynamic group based on assigned license

Why don’t u use licensing groups to assign licenses? If you don’t want to use this group for more, just create a dynamic group that pulls members of it?
0 Likes
Reply
PatrickF11

‎Jul 11 2019 03:21 AM

‎Jul 11 2019 03:21 AM

Re: dynamic group based on assigned license

@adam deltinger  I don't want to assign licenses.

I want all users with a specific license to make Self Service Password Reset available.

This is why i want to create a dynamic group with all users with a specific license.

0 Likes
Reply
tweetiepie1983

‎Jul 11 2019 05:04 AM

‎Jul 11 2019 05:04 AM

Re: dynamic group based on assigned license

@PatrickF11 

 

Hi if these users are using dedicated devices, you could set the dynamic group to target device model type. This is how we run our dynamic groups....

0 Likes
Reply
PatrickF11

‎Jul 11 2019 05:18 AM

‎Jul 11 2019 05:18 AM

Re: dynamic group based on assigned license

@tweetiepie1983 

 

Thank you for your suggestion, but i think does not make sense in my environment.

0 Likes
Reply
Vasil Michev

‎Jul 11 2019 08:34 AM

‎Jul 11 2019 08:34 AM

Re: dynamic group based on assigned license

@PatrickF11 sadly, this is (one of the many) limitation of the Graph, there's no going around it. Until they give us proper filtering capabilities, but doesn't look like much is happening on that front either.

 

You can of course always filter them "client-side" and use the resulting set of users to populate some other attribute, which you can then use to create the dynamic membership rule.

2 Likes
Reply
Steven-H

‎Apr 03 2020 10:21 AM - edited ‎Apr 03 2020 10:24 AM

‎Apr 03 2020 10:21 AM - edited ‎Apr 03 2020 10:24 AM

Re: dynamic group based on assigned license

You can do this using the following advanced rule

 

 

(user.assignedPlans -any (assignedPlan.servicePlanId -eq "<servicePlanId>" -and assignedPlan.capabilityStatus -eq "Enabled"))

 

 

You can lookup service plan ids by using the Graph Explorer and looking at licenseDetails on a user that has the desired license assigned.

 

 

https://graph.microsoft.com/v1.0/users/someperson@yourdomain.tld/licenseDetails

 

 

Look in the resulting output for the specific thing to key off.

 

Links

Graph Explorer 

licenseDetails (Graph API) 

 

1 Like
Reply
PatrickF11

‎Apr 07 2020 10:18 PM - edited ‎Apr 08 2020 10:30 PM

‎Apr 07 2020 10:18 PM - edited ‎Apr 08 2020 10:30 PM

Re: dynamic group based on assigned license

Hi @Steven-H 

 

Thanks for your reply, this is nearly the same of what i'm using at the moment.

(Except that u use the id and not the name.)

 

Edit: I didn't think about the approach via the graph, thank you :)

0 Likes
Reply