70 questions
Thats not a supported attribute to filter on for dynamic groups:
Using employeeType for Dynamic Group membership
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 84%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Tatyana
61
Reputation points
Hello,
We have custom AD Connect rule created where we are synchronizing employeeType from AD On Premises to Azure AD. We had the rule created about 2 years ago. We see employeeType in Azure AD GUI for each employee, no issues there. Now we are trying to create Dynamic Group and pull all the employees with employeeType = Employee, but for some reason it only sees the value of that field for one person. For everyone else that field is coming up as blank, even though that field is populated for everyone in AD and Azure AD. Any ideas why that is?
Microsoft Security Intune Grouping
Microsoft Security Microsoft Entra Microsoft Entra ID
25,081 questions
Accepted answer
-
Andy David - MVP 157.4K Reputation points MVP Volunteer Moderator2024-10-15T20:36:18.1566667+00:00 -
Tatyana 61 Reputation points
2024-10-15T21:28:54.2166667+00:00 It’s not available by default that’s why we had to use custom sync rule and to extend the schema. I guess what is confusing the fact that it is available to select as an option from the drop down. If it’s not supported why is it available to select? And how is it working for one employee and not the rest?
Sign in to comment -
1 additional answer
Sort by: Most helpful
-
Andy David - MVP 157.4K Reputation points MVP Volunteer Moderator
2024-10-15T21:55:39.1766667+00:00 You should have not needed to do that. What version of Entra connect are you on? The EmployeeType attribute is synced by default over a year and a half ago:
I can't tell you why it works for one account, but its not supported to use that attribute right now. :(
I dont see that as an option when I create a dynamic group in the portal.
-
Tatyana 61 Reputation points
2024-10-16T18:55:16.92+00:00 So it looks like this functional change was released right after we created our custom rule. I don't know what version we were running at that point. Currently we are on 2.3.8.0 version. Does this mean our custom rule is obsolete now?
-
Tatyana 61 Reputation points
2024-10-16T18:59:51.0633333+00:00 When I create new group, I choose Membership type -> Dynamic User, then I click on Add dynamic query. I do not see employeeType as an option to select in Property drop down. However, I click on Get custom extension properties, enter application ID that was created when we extended the schema for our custom rule, then I am able to select extension_appID_employeeType.
What you are saying this should not work because employeeType now syncs by default?
Sign in to comment -