Unable to remove user from a Dynamic group

Alex Rabbi 66 Reputation points
2024-03-14T16:54:31.0533333+00:00

Hi All,

I have set a dynamic group for meta compliance enterprise app and have many users in the group. I am unable to remove a user from the group. I log in as global admin, and Add member and Remove member are greyed out.

Also in Dynamic membership rules options are greyed out to add rules or edit rules.

Has anyone faced this issue?

Regards,

Alex


Accepted answer
  1. Babafemi Bulugbe 1,635 Reputation points
    2024-03-19T12:03:24.8733333+00:00

    Hello @Alex Rabbi

    As explained above, you can't manually remove a user from a dynamic group. However, the best solution is to edit the rule to add an additional expression like this... -and (user.userPrincipalName -ne "theuser@domain")

    Check your permission again, as you only need to be assigned at least a Group Administrator in order to perform this operation. If the issue persists, sign out and sign in again if the permission was recently assigned.

    Let me know if further assistance is required


4 additional answers

  1. Marcin Policht 9,505 Reputation points MVP
    2024-03-14T17:27:53.64+00:00

    You need to modify the condition to ensure that a given user is no longer within the scope of the rule of the dynamic group membership.

    As per https://github.com/MicrosoftDocs/entra-docs/blob/main/docs/identity/users/groups-dynamic-membership.md

    "You can't manually add or remove a member of a dynamic group."


    hth

    Marcin


  2. Jing Zhou 1,475 Reputation points Microsoft Vendor
    2024-03-15T09:56:20.6133333+00:00

    Hello,

    Thank you for posting in Q&A forum.

    The problem you described may be caused by permission settings or specific configurations. In this case, it is recommended that you take the following steps:

    Check permissions: Ensure that you log in as a global administrator and have sufficient permissions to modify group membership and dynamic membership rules. Sometimes, permission restrictions may cause certain options to be grayed out or unavailable.

    Check group configuration: Confirm if the configuration of the group you are operating on is correct. There may be certain configuration settings, such as restricting manual member management or editing dynamic membership rules.

    Try other methods: If possible, try using other methods to remove users, such as PowerShell scripts or other management tools. Sometimes, specific restrictions or issues may be bypassed through different channels.

    Hope this answer can help you well.

    Best regards,

    Jill Zhou


  3. Alex Rabbi 66 Reputation points
    2024-03-19T19:34:00.7533333+00:00

    I tried exactly what you provided with user details

    User's image

    When I click on view details, I get this

    User's image


  4. Alex Rabbi 66 Reputation points
    2024-03-20T12:13:00.8366667+00:00

    Thanks Babafemi,

    This one worked, but it took some time to reflect

    (user.userPrincipalName -contains "test.com") -and (user.userPrincipalName -ne "test@test.com")

    Thanks very much for your help, I have clicked on accepted answer
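
Added example, not part of the original thread: the rule edit discussed in the answers above, scripted with the Microsoft Graph PowerShell SDK so the exclusion clause is appended to whatever rule the group already has. It assumes the Microsoft.Graph.Groups module is installed and the signed-in account can update the group; the function name `Add-DynamicGroupExclusion` and the group id placeholder are hypothetical.

```powershell
# Added example. Assumes the Microsoft.Graph.Groups module and a session
# with the Group.ReadWrite.All scope. Function name and id are placeholders.
function Add-DynamicGroupExclusion {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$GroupId,
        [Parameter(Mandatory)][string]$UserPrincipalName
    )

    # Refuse values that could break out of the quoted string in the rule.
    if ($UserPrincipalName -notmatch '^[^"\s]+@[^"\s]+$') {
        throw "Not a plausible UPN: $UserPrincipalName"
    }

    $group = Get-MgGroup -GroupId $GroupId -Property 'id,displayName,groupTypes,membershipRule'
    if ($group.GroupTypes -notcontains 'DynamicMembership') {
        throw "$($group.DisplayName) is not a dynamic group; remove the member directly."
    }

    $clause = '(user.userPrincipalName -ne "{0}")' -f $UserPrincipalName
    if ($group.MembershipRule.Contains($clause)) {
        Write-Verbose 'Exclusion already present; nothing to change.'
        return $group.MembershipRule
    }

    # Wrap the existing rule in parentheses so an -or inside it cannot
    # bypass the exclusion through operator precedence.
    $newRule = '({0}) -and {1}' -f $group.MembershipRule, $clause

    if ($PSCmdlet.ShouldProcess($group.DisplayName, "Set membership rule to: $newRule")) {
        Update-MgGroup -GroupId $GroupId -MembershipRule $newRule
    }
    return $newRule
}

Connect-MgGraph -Scopes 'Group.ReadWrite.All'

# Preview the new rule first; drop -WhatIf to apply it.
Add-DynamicGroupExclusion -GroupId '<group-object-id>' -UserPrincipalName 'test@test.com' -WhatIf
```

Membership is re-evaluated after the rule changes rather than instantly, which matches the delay noted in the last reply, so confirm the user is gone with `Get-MgGroupMember -GroupId '<group-object-id>' -All` before relying on the change for access to the enterprise app.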