Forum Discussion
Solved
Creating dynamic groups with custom attribute
We want to create several groups based on the value that we fill into the field CustomAttribute1. Our environment is not AD Synced. We're working in the cloud with all our applications and servi...
- Yeah, right. The ExtensionAttribute you are referring to is present on the Exhange Mailbox?
Azure AD dynamic group rules does not as to my knowledge let you use Exchange Extension Attributes from out-of-the box.
Since you also stated that there is no AAD Connect Sync in place, I would try another attribute. The ExtensionAttributes reffered to in https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership#extension-properties-and-custom-extension-properties are those coming from on-prem AD via sync.
GET https://graph.microsoft.com/v1.0/users/userid?$select=onPremisesSyncEnabled,onPremisesExtensionAttributes
PATCH https://graph.microsoft.com/v1.0/users/userid
you can use id or principalname as userid
PATCH https://graph.microsoft.com/v1.0/users/userid
you can use id or principalname as userid
Hi,
Sorry I jump to this discussion maybe later, but I've some interrogation about Extensionattributes.
As i was said previously attributes are by default sync from OnPremiseAD. But it's possible to exclude them from the AAD sync process.
I'd like to use few of them and manage their value from AAD.
Idea is to push some Information grab on MSOL account and Mail box activity (thourgh graph and automation process).
At the end I want to use 2 attribute to store nb of inactivity days, then Identify Sleeping accounts on another other attributes when Account inactive more than 30 days.
Both of this attribute will be used in Dynamic Group rule to define membership.
=> is it possible to stop Synchronization of an attribute, then mange this in AAD side only? Or will it be possible to manage them from exchange online Powershell?
Sorry I jump to this discussion maybe later, but I've some interrogation about Extensionattributes.
As i was said previously attributes are by default sync from OnPremiseAD. But it's possible to exclude them from the AAD sync process.
I'd like to use few of them and manage their value from AAD.
Idea is to push some Information grab on MSOL account and Mail box activity (thourgh graph and automation process).
At the end I want to use 2 attribute to store nb of inactivity days, then Identify Sleeping accounts on another other attributes when Account inactive more than 30 days.
Both of this attribute will be used in Dynamic Group rule to define membership.
=> is it possible to stop Synchronization of an attribute, then mange this in AAD side only? Or will it be possible to manage them from exchange online Powershell?