How to create a dynamic group based upon date the account was created

Cody Barnhart 11 Reputation points
2022-07-26T14:43:41.963+00:00

At our school, we are trying to create a dynamic group based upon the date the account was created. Or we could create a dynamic group based upon active users within our organization. We are in the process of syncing our cloud directory to an on premises server, but only want to bring over the students who are currently or have recently taken course. Is there a PowerShell script that can be used to create this dynamic group? Any assistance would be appreciated.

Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,322 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,108 questions
{count} vote

1 answer

Sort by: Most helpful
  1. 2022-07-26T18:00:45.793+00:00

    Hello @Cody Barnhart , you can create an Azure AD Dynamic Group for active (enabled) accounts using the following rule: (user.accountEnabled -eq true).

    Regarding account creation we need to take a custom approach here since Dynamic Group rules do not support gt, ge, lt or le operators. Here you can:

    1. Create an Azure AD directory extension, let's say extension_b7d8e648520f41d3b9c0fdeb91768a0a_syncToOnPremise of type boolean
    2. Filter Azure AD users you want to sync based on CreatedDateTime property. E.g.: $Users=$Get-MgUser -Select Id,CreatedDateTime,<Other properties to be returned>|Where-Object -Property CreatedDateTime -GE ([Datetime]::new(2022,7,1)) # Or any other date
    3. Update cloud users directory extension. E.g. $Users|ForEach-Object { Set-AzureADUserExtension -ExtensionName extension_b7d8e648520f41d3b9c0fdeb91768a0a_syncToOnPremise -ExtensionValue true -ObjectId $_.Id }
    4. Create a Dynamic Group using the following rule: (user.extension_b7d8e648520f41d3b9c0fdeb91768a0a_syncToOnPremise -eq true)

    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.

    1 person found this answer helpful.