I have created two new groups for Greenhouse (Interviewers & Hiring Managers) - as we will have referrals & internal job postings in Greenhouse - everyone needs access, so the rule would be if not external & not in the other two groups then assign to the

Suresh Kolati Adm 0 Reputation points
2024-11-28T11:01:40.93+00:00

I have created two new groups for Greenhouse (Interviewers & Hiring Managers) - as we will have referrals & internal job postings in Greenhouse - everyone needs access, so the rule would be if not external & not in the other two groups then assign to the third group which is Greenhouse All Users

I am using the syntax below and getting the error "Invalid object ID":

(user.objectId -ne null) AND (user.postalCode -ne "External") AND (user.memberOf -any (group.objectid -in ['1a089b18-b478-4241-9f6f-6f383ec90699', '2afb076c-abfc-4446-ae23-5aa919ce04e3']) -eq false )

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Goutam Pratti 6,170 Reputation points Microsoft External Staff Moderator
    2024-11-29T06:38:24.8666667+00:00

    Hello @Suresh Kolati Adm ,

    Thank you for reaching out to Microsoft Q&A.

    I understand that you're getting the error "Invalid object ID" when using (user.objectId -ne null) AND (user.postalCode -ne "External") AND (user.memberOf -any (group.objectid -in ['1a089b18-b478-4241-9f6f-6f383ec90699', '2afb076c-abfc-4446-ae23-5aa919ce04e3']) -eq false )

    This issue occurs because the dynamic group rule builder and validation feature does not currently support the memberOf attribute, as it is still in the preview stage.

    Additionally, there are several limitations when using memberOf:
    1. You can't use one memberOf dynamic group to define the membership of another memberOf dynamic group.
    2. The memberOf attribute can't be used with other rules. For example, a rule that states dynamic group A should contain members of group B and also should contain only users located in Redmond will fail.
    3. The memberOf attribute can't be used with other operators. For example, you can't create a rule that states "Members Of group A can't be in Dynamic group B."

    NOTE: Since using Dynamic Membership groups with MemberOf attribute is currently in Public Preview stage, you will get inconsistent results.

    For additional information, see: https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-rule-member-of#preview-limitations

    Hope this helps. Do let us know if you have any further queries.


    If this answers your query, please click "Accept Answer" and "Yes" for "Was this answer helpful". And if you have any further queries, do let us know.

    Regards,
    Goutam Pratti.
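
An added example, not part of the original answer and not Microsoft tooling: a Python pre-check that flags a dynamic membership rule which breaks limitations 2 and 3 listed in the answer above, run against the rule from the question. The function name `lint_rule` and the regex-based parsing are assumptions made for illustration; it recognizes only the memberOf clause shape shown in the question.

```python
import re

# Clause shape used in the question:
#   user.memberOf -any (group.objectId -in ['<guid>', ...])
MEMBEROF = re.compile(
    r"user\.memberof\s+-any\s*\(\s*group\.objectid\s+-in\s*\[(?P<ids>[^\]]*)\]\s*\)",
    re.IGNORECASE)
GUID = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.IGNORECASE)
# Negation written after the clause (-eq false / -ne true) or before it (-not).
NEG_AFTER = re.compile(r"^\s*-(?:eq\s+false|ne\s+true)\b", re.IGNORECASE)
NEG_BEFORE = re.compile(r"-not\s*\(?\s*$", re.IGNORECASE)
# Any other user./device. property referenced outside the memberOf clause.
OTHER_PROP = re.compile(r"\b(?:user|device)\.(?!memberof\b)\w+", re.IGNORECASE)

# The rule from the question, copied verbatim.
QUESTION_RULE = (
    '(user.objectId -ne null) AND (user.postalCode -ne "External") AND '
    "(user.memberOf -any (group.objectid -in "
    "['1a089b18-b478-4241-9f6f-6f383ec90699', "
    "'2afb076c-abfc-4446-ae23-5aa919ce04e3']) -eq false )"
)


def lint_rule(rule):
    """Return a list of findings; an empty list means no issue was detected."""
    findings = []
    m = MEMBEROF.search(rule)
    if m is None:
        return findings  # no memberOf clause, nothing for this check to do
    ids = [s.strip().strip("'\"") for s in m.group("ids").split(",") if s.strip()]
    bad = [i for i in ids if not GUID.match(i)]
    if bad:
        findings.append(f"malformed group object ID(s): {bad}")
    before, after = rule[:m.start()], rule[m.end():]
    if OTHER_PROP.search(before + " " + after):
        findings.append("limitation 2: memberOf combined with other rules")
    if NEG_AFTER.match(after) or NEG_BEFORE.search(before):
        findings.append("limitation 3: memberOf used with a negating operator")
    return findings


if __name__ == "__main__":
    for finding in lint_rule(QUESTION_RULE):
        print(finding)
```

Both group IDs in the question's rule pass the GUID format check, so the two findings it reports are the combination with other clauses and the `-eq false` negation.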

