This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 7.000000000000001%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Hi All i want to create dynamic unified group. i have a department attribute synced to Azure AD. i have a department with name 9999 IT Support i want to create a dynamic unified group for this department and also i want to add 2 static users to this unified group. Will the below syntax work for me and how do i add static users to this unified group. for example i have john.abc1@Company portal .com and tom.123@Company portal .com (user.accountEnabled -eq true) -and ((user.department -startsWith "9999") or (user.samaccountname -eq "john.abc1") or (user.samaccountname -eq "tom.123"))
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 67%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
You may consider using below command in AD powershell
Get-ADUser -Filter {department -like '9999*' -or samaccountname -eq 'john.abc1' -or samaccountname -eq 'tom.123'} | Where { $_.Enabled -eq $True} | Select DisplayName,Userprincipalname,title,Office,description,co,DepartmentNumber,employeeNumber | Export-csv C:\test\groupmember.csv -Notypeinformation
In addition, Azure Active Directory (Azure AD) now provides the means to validate dynamic group rules (in public preview). On the Validate rules tab, you can validate your dynamic rule against sample group members to confirm the rule is working as expected. When creating or updating dynamic group rules, administrators want to know whether a user or a device will be a member of the group. This helps evaluate whether user or device meets the rule criteria and aid in troubleshooting when membership is not expected.
Detailed steps here: Validate a dynamic group membership rule (preview) in Azure Active Directory
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
The syntax below should work for you.
user.accountEnabled -eq true -and (user.department -startsWith "9999" -or user.samaccountname -eq "john.abc1" -or user.samaccountname -eq "tom.123")
Here is the official document about Dynamic membership rules for groups in Azure Active Directory for your reference as well
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Before converting to dynamic unified group how can i validate this query. do i need to check this from Azure AD powershell. if so how do i check to know what users this query is fetching.
user.accountEnabled -eq true -and (user.department -startsWith "9999" -or user.samaccountname -eq "john.abc1" -or user.samaccountname -eq "tom.123")
i want to test something like this butnot sure how to do it.
$Test = "user.accountEnabled -eq true -and (user.department -startsWith "9999" -or user.samaccountname -eq "john.abc1" -or user.samaccountname -eq "tom.123")"
Get-ADUser -Filter $Test -Properties DisplayName,Userprincipalname,title,Office,description,co,DepartmentNumber,employeeNumber | Select DisplayName,Userprincipalname,title,Office,description,co,DepartmentNumber,employeeNumber | Export-csv C:\output.csv -Notypeinformation
Before converting unified group to dynamic unified group i want to test the same query in Azure AD PowerShell
i will use the below query to convert to dynamic unified group and the same query i want to test in Azure AD powershell. in Onprem Active Directory i can test it but i want to test in Azure AD since the syntaxes are different in onprem AD and Azure AD.
user.accountEnabled -eq true -and (user.department -startsWith "9999" -or user.samaccountname -eq "john.abc1" -or user.samaccountname -eq "tom.123")
$Test = "user.accountEnabled -eq true -and (user.department -startsWith "9999" -or user.samaccountname -eq "john.abc1" -or user.samaccountname -eq "tom.123")"
Get-ADUser -Filter $Test -Properties DisplayName,Userprincipalname,title,Office,description,co,DepartmentNumber,employeeNumber | Select DisplayName,Userprincipalname,title,Office,description,co,DepartmentNumber,employeeNumber | Export-csv C:\output.csv -Notypeinformation
Hi
Using Get-AzureADUser to get users in AAD.
-Filter
Specifies an oData v3.0 filter statement. This parameter controls which objects are returned. Details on querying with oData can be found here.
http://www.odata.org/documentation/odata-version-3-0/odata-version-3-0-core-protocol/#queryingcollections
And a link introduces usage here: Get-AzureADUser -Filter Options Drama
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.