How to create a dynamic group membership group in Azure AD based on last password change date, please help.

Jane doe 0 Reputation points
2024-04-07T23:11:55.4533333+00:00

How to create a dynamic group membership group in Azure AD based on last password change date, please help.

Microsoft Entra
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

2 answers

  1. Vahid Ghafarpour 21,635 Reputation points
    2024-04-08T00:27:36.81+00:00

    Thanks for posting your question in the Microsoft Q&A forum.

    It should be something like this:

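    # Cutoff 30 days ago, converted to UTC to match the trailing "Z"; `" embeds a literal double quote around the date
    $rule = "UserPasswordLastChangeDate -ge `"" + (Get-Date).ToUniversalTime().AddDays(-30).ToString("yyyy-MM-ddTHH:mm:ssZ") + "`""
    New-AzureADMSGroup -DisplayName "Password Last Changed in Last 30 Days" -MailEnabled $false -MailNickname "PwdChangedLast30Days" -SecurityEnabled $true -GroupTypes "DynamicMembership" -MembershipRule $rule -MembershipRuleProcessingState "On"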
    
    

    https://learn.microsoft.com/en-us/answers/questions/1029231/get-last-password-change-time-stamp-with-graph-pow

    https://www.powershellcenter.com/2023/02/03/pwdlastset/

    ** Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful **


  2. Vasil Michev 106.3K Reputation points MVP
    2024-04-08T16:11:15.5333333+00:00

    You cannot create such a dynamic group, as the corresponding property is not supported for dynamic membership queries. This article lists the currently supported properties: https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-membership#supported-properties

    Either use a different property, or create an assigned membership group and update it periodically.

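The periodic update of an assigned-membership group suggested in the second answer could look like the following added example, which is not code from either answer. It assumes the Microsoft Graph PowerShell module, the 30-day window from the first answer, the two scopes shown, and a placeholder group object ID; `Get-MembershipDelta` is a hypothetical helper name.

```powershell
# Added example: run on a schedule to keep an assigned group in sync with
# users whose password was changed within the last 30 days.
$GroupId = '00000000-0000-0000-0000-000000000000'   # placeholder: object ID of the assigned group
$Cutoff  = (Get-Date).ToUniversalTime().AddDays(-30)

function Get-MembershipDelta {
    # Hypothetical helper: pure comparison, returns user IDs to add and to remove.
    param(
        [object[]]$Users,              # objects exposing Id and LastPasswordChangeDateTime
        [string[]]$CurrentMemberIds,   # IDs of users currently in the group
        [datetime]$Cutoff
    )
    $wanted = @($Users |
        Where-Object { $null -ne $_.LastPasswordChangeDateTime -and
                       $_.LastPasswordChangeDateTime -ge $Cutoff } |
        ForEach-Object { $_.Id })
    [pscustomobject]@{
        Add    = @($wanted | Where-Object { $_ -notin $CurrentMemberIds })
        Remove = @($CurrentMemberIds | Where-Object { $_ -notin $wanted })
    }
}

# Assumed scopes: read users, read and write group membership.
Connect-MgGraph -Scopes 'User.Read.All', 'GroupMember.ReadWrite.All'

# lastPasswordChangeDateTime is only returned when it is selected explicitly.
$users = Get-MgUser -All -Property 'id,userPrincipalName,lastPasswordChangeDateTime'

# Only user members are compared, so devices or nested groups are never removed.
$members = @(Get-MgGroupMember -GroupId $GroupId -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' } |
    ForEach-Object { $_.Id })

$delta = Get-MembershipDelta -Users $users -CurrentMemberIds $members -Cutoff $Cutoff

foreach ($id in $delta.Add) {
    New-MgGroupMember -GroupId $GroupId -DirectoryObjectId $id
}
foreach ($id in $delta.Remove) {
    # DELETE .../members/{id}/$ref removes the membership link only, not the user object.
    Invoke-MgGraphRequest -Method DELETE `
        -Uri "https://graph.microsoft.com/v1.0/groups/$GroupId/members/$id/`$ref"
}
"Added $($delta.Add.Count), removed $($delta.Remove.Count) member(s)."
```

Membership is only as current as the last run, so any policy that depends on the group lags by up to one schedule interval.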
