Microsoft Security Tech Accelerator
Dec 06 2023, 07:00 AM - 12:00 PM (PST)
Microsoft Tech Community

Using onPremisesDistinguishedName Attribute in Group Base License (GBL)

Iron Contributor

I'm trying to use Azure AD user Extension Property onPremisesDistinguishedName attribute as part of an expression in a GBL Dynamic User query. 


 I've used custom extension like user.extension._xxxxxxxxxxxxxxx_CustomAttribute successfully within my query for GBL; however, I'm having an issue trying to use onPremisesDistinguishedName to my GBL query.


Any help with adding onPremisesDistinguishedName to Dynamic membership rule in GBL would be appreciated.


Thank You,



1 Reply
Hey there. You wouldn't be able to directly use on prem DN for Dynamic membership. What you can do though is use AAD Connect custom sync rule to write the DN to one of the extension attributes and in turn configure a Dynamic membership rules using that specific extension attributes.