Exclude user from a dynamic group based on group membership

John Oliveros 26 Reputation points
2022-10-26T10:43:54.927+00:00

Hi,

I have a dynamic group with few of users that I wanted to exclude based on the group (Membership Type: Assigned) they belong to.

I am playing around this paramater user.memberof -any (group.objectId -in ['value']) but can't get it to work.

First three parameters are working but when I include user.memberof it started to fail.

Any thoughts around this? Is this even feasible?

254279-dynamic-distro.jpg

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,104 questions
{count} vote

3 answers

Sort by: Most helpful
  1. Stephannn 11 Reputation points
    2023-01-02T12:17:45.343+00:00

    Hi there,
    anybody may have an idea about a timeline of this feature? The combination between memberof and any other rule would be very helpful, or an exclusion of members of another group.
    Regards
    Stephan

    2 people found this answer helpful.
    0 comments No comments

  2. JimmySalian-2011 41,961 Reputation points
    2022-10-26T11:21:34.593+00:00

    Hi Darkrai,

    I think you will have to use the new preview feature of Dynamic Groups and that should do the trick so follow this page and new filter defined here

    Hope this helps.
    JS

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
    0 comments No comments

  3. Aaron Gill 5 Reputation points
    2023-04-06T13:15:21.9966667+00:00

    This is definitely Not Possible at this point (see below). You can't exclude based on group membership (only include) because you can't use other operators with it.
    Hopefully soon. I know many good uses for it. Preview limitations

    • Each [ Snipped Preview Limitations for brevity] .... time.
    • MemberOf can't be used with other operators. For example, you can't create a rule that states “Members Of group A can't be in Dynamic group B.”
    • The objects specified in the rule can't be administrative units.
    1 person found this answer helpful.
    0 comments No comments