AAD Dynamic Group Membership Rules - How to add multiple values for a custom attributes?

Marcous Constantine 1 Reputation point
2021-07-21T04:31:08.2+00:00

Hi,

I have a custom attributes which store value for the name of different teams in my organization.
I wanted to create a security group which can have 2 teams in it plus a senior manager.

(user.city -eq "Hong Kong") and (user.assignedPlans -any assignedPlan.service -eq "AADPremiumService" -and assignedPlan.capabilityStatus -eq "Enabled") and (user.extensionAttribute4 -eq "Permanent") and (user.extensionAttribute5 -in "["Finance & Trading","Technology"]") or (user.jobTitle -eq "Senior Manager")

I know the rest of the rules are ok except for extensionAttribute5. As you can see here I wanted to add both "Finance & Trading" & "Technology" teams in this group but keep getting a syntax error.

I even tried (user.extensionAttribute5 -eq user.extensionAttribute5 -eq "Finance & Trading" -or user.extensionAttribute5 -eq "Technology") but that doesn't work too.

Please help.

Regards,
Marcous

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,815 questions
{count} votes

1 answer

Sort by: Most helpful
  1. VipulSparsh-MSFT 16,281 Reputation points Microsoft Employee
    2021-09-13T06:51:53.833+00:00

    @Marcous Constantine Thanks for reaching out and apologies for delay on this.

    Are you still facing the issue, if yes, can you share the query that you have written. you should be able to use the extension property attributes in dynamic queries.
    Do note, that the custom attributes can be used/bring in by SAAS application on on premises resource. if it is not AAD native, you will have to bring in custom properties using the Get Custom properties option while creating the Dynamic group.

    Do let us know the status so that we can help you accordingly.

    -----------------------------------------------------------------------------------------------------------------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.