Hello @Cody Barnhart, you can create an Azure AD Dynamic Group for active (enabled) accounts using the following rule:
(user.accountEnabled -eq true)
Regarding account creation, we need to take a custom approach here, since Dynamic Group rules do not support the gt, ge, lt or le operators. Here you can:
- Create an Azure AD directory extension, let's say extension_b7d8e648520f41d3b9c0fdeb91768a0a_syncToOnPremise of type boolean
- Filter Azure AD users you want to sync based on CreatedDateTime property. E.g.:
$Users = Get-MgUser -Select Id,CreatedDateTime,<Other properties to be returned> | Where-Object -Property CreatedDateTime -GE ([Datetime]::new(2022,7,1)) # Or any other date
- Update the cloud users' directory extension. E.g.:
$Users|ForEach-Object { Set-AzureADUserExtension -ExtensionName extension_b7d8e648520f41d3b9c0fdeb91768a0a_syncToOnPremise -ExtensionValue true -ObjectId $_.Id }
- Create a Dynamic Group using the following rule:
(user.extension_b7d8e648520f41d3b9c0fdeb91768a0a_syncToOnPremise -eq true)
Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.
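
The steps above as one re-runnable script, added here as an example and not part of the original answer. It assumes the Microsoft.Graph PowerShell SDK and an already registered extension; the group name and the `-Apply` switch are hypothetical, and the membership rule combines the answer's two rules with `and`.

```powershell
# Added example (not from the original answer). Assumes the Microsoft.Graph SDK is
# installed and the directory extension named in the answer is already registered.
param(
    [datetime]$CreatedSince = [datetime]::new(2022, 7, 1),  # cutoff date used in the answer
    [string]$GroupName = 'Sync-To-OnPremise',               # hypothetical group name
    [switch]$Apply                                          # without -Apply: report only, no writes
)
$ext = 'extension_b7d8e648520f41d3b9c0fdeb91768a0a_syncToOnPremise'

Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Group.ReadWrite.All' | Out-Null

# -All pages through every user; without it only the first page of results is returned.
$users = Get-MgUser -All -Property "Id,UserPrincipalName,AccountEnabled,CreatedDateTime,$ext" |
    Where-Object { $_.AccountEnabled -and $_.CreatedDateTime -ge $CreatedSince }

foreach ($u in $users) {
    # Selected extension values are returned in AdditionalProperties; skip users already tagged.
    if ($u.AdditionalProperties[$ext] -eq $true) { continue }
    if ($Apply) {
        Update-MgUser -UserId $u.Id -AdditionalProperties @{ $ext = $true }
    }
    # One row per user that was (or would be) tagged, so the change can be reviewed.
    [pscustomobject]@{
        User    = $u.UserPrincipalName
        Created = $u.CreatedDateTime
        Written = [bool]$Apply
    }
}

# Both rules from the answer joined with 'and': enabled accounts that carry the flag.
$rule = "(user.accountEnabled -eq true) and (user.$ext -eq true)"
if ($Apply -and -not (Get-MgGroup -Filter "displayName eq '$GroupName'")) {
    New-MgGroup -DisplayName $GroupName -MailEnabled:$false -MailNickname $GroupName `
        -SecurityEnabled -GroupTypes 'DynamicMembership' `
        -MembershipRule $rule -MembershipRuleProcessingState 'On'
}
```

Run it once without `-Apply` to review the list of accounts that would be flagged before anything is written to the directory.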