Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

Filtering users based on licenses for dynamic grouping

Copper Contributor

Hi,

 

I am trying to make a dynamic users query for a dynamic group in AAD. What I essentially want is to add every member that does not have a E3 license to the group for automatic licensing. I have figured out that the assignedLicense aren't supported and I have tried to do a call for Exchange Online Plan 2.

 

My current query:

user.assignedPlans -all (assignedPlan.servicePlanId -eq "efb87545-963c-4e0d-99df-69c6916d9eb0" -and assignedPlan.capabilityStatus -eq "Disabled")

 

This should look for everyone with Exchange Online Plan 2 disabled and add them to the group. That has worked so far. 

 

The problem I got now is when I am automatically assigning E1 licenses to everyone in the group they will be removed from the group and the license will be removed from the user. I am also experiencing that I can't add them back into the group with the query.

 

Anyone that can help me out here? Is what I am trying to do even possible?

 

Thanks in advance

1 Reply
best response confirmed by Christopher_A (Copper Contributor)
Solution

It looks like I have made an error in my query and edited it.

 

It works good now with the following queries:

user.assignedPlans -all (assignedPlan.servicePlanId -ne "efb87545-963c-4e0d-99df-69c6916d9eb0") ---- This checks if a user is on Exchange Online Plan 2, if not it will be added to the group.

 

You can also use this to filter out E1 licenses:

user.assignedPlans -all (assignedPlan.servicePlanId -ne "9aaf7827-d63c-4b61-89c3-182f06f82e5c")

 

It doesn't look to be possible to separate E3 and E5 at this moment, unless you find a serviceID for a service that doesn't come with both subscriptions. So all in all it is a semi workaround for filtering on licenses.

 

When it comes to the problem I had concerning users being removed it sorted it out with the new query. It looked to be the query that checked if it was enabled or disabled that made them be removed and impossible to be added (this I have no idea how happened).

 

Thanks.

1 best response

Accepted Solutions
best response confirmed by Christopher_A (Copper Contributor)
Solution

It looks like I have made an error in my query and edited it.

 

It works good now with the following queries:

user.assignedPlans -all (assignedPlan.servicePlanId -ne "efb87545-963c-4e0d-99df-69c6916d9eb0") ---- This checks if a user is on Exchange Online Plan 2, if not it will be added to the group.

 

You can also use this to filter out E1 licenses:

user.assignedPlans -all (assignedPlan.servicePlanId -ne "9aaf7827-d63c-4b61-89c3-182f06f82e5c")

 

It doesn't look to be possible to separate E3 and E5 at this moment, unless you find a serviceID for a service that doesn't come with both subscriptions. So all in all it is a semi workaround for filtering on licenses.

 

When it comes to the problem I had concerning users being removed it sorted it out with the new query. It looked to be the query that checked if it was enabled or disabled that made them be removed and impossible to be added (this I have no idea how happened).

 

Thanks.

View solution in original post