25,080 questions
Hi there,
anybody may have an idea about a timeline of this feature? The combination between memberof and any other rule would be very helpful, or an exclusion of members of another group.
Regards
Stephan
Exclude user from a dynamic group based on group membership
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 25%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJO%3C/text%3E%3C/svg%3E)
John Oliveros
26
Reputation points
Hi,
I have a dynamic group with few of users that I wanted to exclude based on the group (Membership Type: Assigned) they belong to.
I am playing around this paramater user.memberof -any (group.objectId -in ['value']) but can't get it to work.
First three parameters are working but when I include user.memberof it started to fail.
Any thoughts around this? Is this even feasible?
Microsoft Security Microsoft Entra Microsoft Entra ID
{count} vote
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator2022-10-31T13:28:40.127+00:00 Hi @John Oliveros ,
Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Thanks,
Shweta -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 13%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
Randy Schwidder (Privé) 6 Reputation points2022-12-19T16:08:22.853+00:00 I've got the same question and what I understand it is not posible yet. See the limitations mentioned:
Preview limitations
- Each Azure AD tenant is limited to 500 dynamic groups using the memberOf attribute. memberOf groups do count towards the total dynamic group member quota of 5,000.
- Each dynamic group can have up to 50 member groups.
- When adding members of security groups to memberOf dynamic groups, only direct members of the security group become members of the dynamic group.
- You can't use one memberOf dynamic group to define the membership of another memberOf dynamic groups. For example, Dynamic Group A, with members of group B and C in it, can't be a member of Dynamic Group D).
- MemberOf can't be used with other rules. For example, a rule that states dynamic group A should contain members of group B and also should contain only users located in Redmond will fail.
- Dynamic group rule builder and validate feature can't be used for memberOf at this time.
- MemberOf can't be used with other operators. For example, you can't create a rule that states “Members Of group A can't be in Dynamic group B.”
- The objects specified in the rule can't be administrative units.
Sign in to comment
5 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 46%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Stephannn 11 Reputation points2023-01-02T12:17:45.343+00:00 -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 27%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
Aaron Gill 10 Reputation points2023-04-06T13:15:21.9966667+00:00 This is definitely Not Possible at this point (see below). You can't exclude based on group membership (only include) because you can't use other operators with it.
Hopefully soon. I know many good uses for it. Preview limitations- Each [ Snipped Preview Limitations for brevity] .... time.
- MemberOf can't be used with other operators. For example, you can't create a rule that states “Members Of group A can't be in Dynamic group B.”
- The objects specified in the rule can't be administrative units.
-
JimmySalian-2011 42,491 Reputation points2022-10-26T11:21:34.593+00:00 Hi Darkrai,
I think you will have to use the new preview feature of Dynamic Groups and that should do the trick so follow this page and new filter defined here
Hope this helps.
JS==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well. -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 34%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVA%3C/text%3E%3C/svg%3E)
Victor Alberto Castellanos de Leon 0 Reputation points2024-11-28T00:46:30.9666667+00:00 Hi everyone, I also hope that this feature is enabled soon because I have the same situation, I need to exclude users from a group from my dynamic group but everything I have read online says that this is not possible, you can only filter by name but it does not help if you have an entire population to exclude from said group.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 34%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMB%3C/text%3E%3C/svg%3E)
Mark Burland 1 Reputation point2024-12-09T12:35:17.9233333+00:00 Incredible that this is still a PREVIEW feature! I could really make use of it for group based licensing. If we need to license a class for a particular product it would be so straightforward, except the owners of each class are their class teachers, who require different licenses. It's a real pain.