Filtering users based on licenses for dynamic grouping

New Contributor



I am trying to make a dynamic users query for a dynamic group in AAD. What I essentially want is to add every member that does not have a E3 license to the group for automatic licensing. I have figured out that the assignedLicense aren't supported and I have tried to do a call for Exchange Online Plan 2.


My current query:

user.assignedPlans -all (assignedPlan.servicePlanId -eq "efb87545-963c-4e0d-99df-69c6916d9eb0" -and assignedPlan.capabilityStatus -eq "Disabled")


This should look for everyone with Exchange Online Plan 2 disabled and add them to the group. That has worked so far. 


The problem I got now is when I am automatically assigning E1 licenses to everyone in the group they will be removed from the group and the license will be removed from the user. I am also experiencing that I can't add them back into the group with the query.


Anyone that can help me out here? Is what I am trying to do even possible?


Thanks in advance

1 Reply
best response confirmed by Christopher_A (New Contributor)

It looks like I have made an error in my query and edited it.


It works good now with the following queries:

user.assignedPlans -all (assignedPlan.servicePlanId -ne "efb87545-963c-4e0d-99df-69c6916d9eb0") ---- This checks if a user is on Exchange Online Plan 2, if not it will be added to the group.


You can also use this to filter out E1 licenses:

user.assignedPlans -all (assignedPlan.servicePlanId -ne "9aaf7827-d63c-4b61-89c3-182f06f82e5c")


It doesn't look to be possible to separate E3 and E5 at this moment, unless you find a serviceID for a service that doesn't come with both subscriptions. So all in all it is a semi workaround for filtering on licenses.


When it comes to the problem I had concerning users being removed it sorted it out with the new query. It looked to be the query that checked if it was enabled or disabled that made them be removed and impossible to be added (this I have no idea how happened).