Forum Discussion

Feb 06, 2023

Azure AD Dynamic Security Groups creation with inclusion and exclusion.

Hi All,

I have a query regarding Azure AD Dynamic Security Group creation and would like to get some advice from this forum. I want to create an Azure AD Dynamic Security Group which should include all the members in the tenant and at the same time it should also exclude the members of a specific Azure AD security group in the tenant from becoming members of that Dynamic Security Group. So, basically it has to do inclusion as well as exclusion at the same time and I'm not able to come up with the right syntax to do this. Could you please check and let me know how this can be achieved.

1 Reply

    DavidLundell
    Brass Contributor

    Vignesh,

    I know this is an old post and I thought I would answer anyhow. While there is a preview to use the memberOf attribute, you can't use memberOf with anything else. Lots of people report issues with memberOf.

    While it seems like you could have a group that includes users from another group and excludes people from a third group like this:

    (user.memberof -any (group.objectId -in ['06df5504-4db6-46d5-b773-be9ff6649ef6'])) -and (-not (user.memberof -any (group.objectId -in ['d8b42618-a53c-4927-8f42-3028044fb020'])))

    It does not work! When I attempt to use the above rule set, it gives me everyone that is in the first group.
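A pre-submission check for dynamic membership rules, added here as an example and not code from the post or from Microsoft: it flags unbalanced parentheses and any rule that combines a memberOf clause with another attribute, another memberOf clause, or -and/-or/-not, which is the combination the reply above reports does not work. The two rule strings are taken from the reply (the group ids are the ones quoted there); the regex-based checks are an assumption about the rule syntax, not an official validator.

```python
import re

# Rule exactly as posted in the reply, including its unbalanced parentheses.
RULE_AS_POSTED = (
    "user.memberof -any (group.objectId -in ['06df5504-4db6-46d5-b773-be9ff6649ef6'])) "
    "-and (-not( user.memberof -any (group.objectid -in ['d8b42618-a53c-4927-8f42-3028044fb020']))"
)

# The same rule with parentheses balanced; the reply reports it still returns only group 1's members.
RULE_BALANCED = (
    "(user.memberof -any (group.objectId -in ['06df5504-4db6-46d5-b773-be9ff6649ef6'])) "
    "-and (-not (user.memberof -any (group.objectId -in ['d8b42618-a53c-4927-8f42-3028044fb020'])))"
)

_MEMBEROF = re.compile(r"\buser\.memberof\b", re.IGNORECASE)
# Any user./device. attribute other than memberOf (group.objectId inside a memberOf clause is not counted).
_OTHER_ATTRIBUTE = re.compile(r"\b(?:user|device)\.(?!memberof\b)\w+", re.IGNORECASE)
_LOGICAL_OPERATOR = re.compile(r"(?<!\S)-(?:and|or|not)\b", re.IGNORECASE)


def paren_depth(rule: str) -> int:
    """Return 0 when parentheses balance; otherwise the depth at which balancing failed."""
    depth = 0
    for ch in rule:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return depth  # a ')' with no matching '('
    return depth


def lint_rule(rule: str) -> list[str]:
    """Return a list of findings; an empty list means none of the checked problems were found."""
    findings = []
    if paren_depth(rule) != 0:
        findings.append("unbalanced parentheses")
    memberof_clauses = len(_MEMBEROF.findall(rule))
    if memberof_clauses > 1:
        findings.append("more than one memberOf clause")
    if memberof_clauses and _OTHER_ATTRIBUTE.search(rule):
        findings.append("memberOf combined with another attribute")
    if memberof_clauses and _LOGICAL_OPERATOR.search(rule):
        findings.append("memberOf combined with -and/-or/-not")
    return findings


if __name__ == "__main__":
    for name, rule in [("as posted", RULE_AS_POSTED), ("balanced", RULE_BALANCED)]:
        print(name, "->", lint_rule(rule) or "no findings")
```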
