Dynamic Group with memberof syntax failing

Chris Roberson 35 Reputation points
2024-03-12T19:18:45.3033333+00:00

I'm trying to create a new dynamic Microsoft 365 group using the memberof syntax, referencing a sync'd on-prem security group. When I attempt to validate test users against the rule, the result is "Not in group", whether the test users are actually members of the referenced security group or not. If I view the details of the result, under status, all lines have a red X except for the line "directoryLinkChange.aad.isdeleted -ne true". Any insight would be much appreciated!


1 answer

  1. Dillon Silzer 57,586 Reputation points
    2024-03-13T05:28:27.7433333+00:00

    Hi Chris,

    As far as I know you cannot use any other operators with the memberOf attribute:

    Preview limitations

    https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-rule-member-of#preview-limitations

    • The memberOf attribute can't be used with other rules. For example, a rule that states dynamic group A should contain members of group B and also should contain only users located in Redmond will fail.
    • The dynamic group rule builder and validate feature can't be used for memberOf at this time.
    • The memberOf attribute can't be used with other operators. For example, you can't create a rule that states "Members Of group A can't be in Dynamic group B."

    If this is helpful please accept answer.
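
An added example, not part of the answer above and not Microsoft's code: a heuristic pre-deployment lint that flags a dynamic membership rule against the three preview limitations quoted in the answer. The clause shape `user.memberof -any (group.objectId -in [...])` follows Microsoft's memberOf documentation; the function name, the regexes and the sample GUIDs are constructed for illustration.

```python
import re

# memberOf clause shape: user.memberof -any (group.objectId -in ['<guid>', ...])
MEMBEROF_CLAUSE = re.compile(
    r"(?:user|device)\.memberof\s+-any\s+\(\s*group\.objectId\s+-in\s+\[[^\]]*\]\s*\)",
    re.IGNORECASE,
)
# Negating operators of the dynamic membership rule language.
NEGATION = re.compile(
    r"-(?:not|ne|notIn|notContains|notMatch|notStartsWith)\b", re.IGNORECASE
)
OTHER_ATTRIBUTE = re.compile(r"\b(?:user|device)\.\w+", re.IGNORECASE)


def lint_memberof_rule(rule):
    """Return a list of findings for `rule` (hypothetical helper).

    Heuristic only: it strips the memberOf clause(s) and inspects what is
    left, so it does not parse the full rule grammar.
    """
    if "memberof" not in rule.lower():
        return []  # not a memberOf rule, nothing to check here
    findings = [
        "validate: the rule builder and validate feature can't be used for memberOf"
    ]
    if not MEMBEROF_CLAUSE.search(rule):
        findings.append(
            "syntax: memberOf is not in the '-any (group.objectId -in [...])' form"
        )
        return findings
    remainder = MEMBEROF_CLAUSE.sub("", rule)
    if NEGATION.search(remainder):
        findings.append("operator: memberOf is used with a negating operator")
    if OTHER_ATTRIBUTE.search(remainder):
        findings.append("combined: memberOf is mixed with another attribute rule")
    return findings


# Constructed sample rules (placeholder GUIDs).
GROUP = "['00000000-0000-0000-0000-000000000001']"
SAMPLES = {
    "plain": f"user.memberof -any (group.objectId -in {GROUP})",
    "combined": f'user.memberof -any (group.objectId -in {GROUP}) -and (user.city -eq "Redmond")',
    "negated": f"-not (user.memberof -any (group.objectId -in {GROUP}))",
}

if __name__ == "__main__":
    for name, rule in SAMPLES.items():
        print(name, lint_memberof_rule(rule))
```

Because the validate feature does not apply to memberOf rules, confirm the resulting membership on the group itself after the rule has been processed.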

