Share via

Attribute-based dynamic groups for O365

Anonymous
2018-06-11T15:47:11+00:00

I am trying to setup O365 group based licensing.  I tested with security group based licensing and it worked great.  But now, I like to create attribute-based dynamic groups, and I am not sure how to create attribute based dynamic groups with PowerShell.  Since we are not sure if we could afford Azure AD Premium, I like to create attributes based dynamic groups with PowerShell.  Is it possible to accomplish?

Also, I was wondering instead of using Azure AD, can I create dynamic security group on on-prem AD and sync to Azure AD?

Thank you.

Akiko

Microsoft 365 and Office | Subscription, account, billing | For business | Other

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

Answer accepted by question author

Anonymous
2018-06-15T01:56:00+00:00

Hi Akiko,

Sure, it's possible to sync Security group from on-premises AD to Azure AD so the Group type shows Security. Also if you update members on premises, it also will sync to Azure AD. It's an expected behavior. But for Dynamic attribute-based Distribution Group in Azure AD, it will filter group members automatically based on the rule you created, which is different from Security group.

For your reference: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-understanding-users-and-contacts

Of course, based on your description, the Security group synced from on-premises AD can meet your request. We are glad to hear that and if you have any concern about it, you are welcomed to come back to us.

Thanks,

Iry

Was this answer helpful?

0 comments

Answer accepted by question author

Anonymous
2018-06-11T18:44:14+00:00

Hello Akiko,

I don't think it can possible to accomplish using Power Shell. You need to  

have Azure AD Premium license. 

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-groups-dynamic-membership-azure-portal

No, group will not Sync with on-prem or vise-versa.

https://techcommunity.microsoft.com/t5/Azure-Active-Directory/Do-AzureAD-Dynamic-groups-sync-changes-to-On-Prem-security/td-p/45743

Thanks,

Was this answer helpful?

0 comments

7 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2018-06-14T16:51:31+00:00

    Iry,

    Okay. It shows "Assigned" on membership type, but it also said, "synced"

     And it looks like member is updating every time I sync.

    Akiko

    Was this answer helpful?

    0 comments
  2. Anonymous
    2018-06-14T10:42:13+00:00

    Hi Akiko,

    It requires Azure AD Premium P1 license to create attribute-based dynamic groups as Renie mentioned. Generally if you created AD security group on-premises AD, after you synced to Azure AD, the Membership type still shows Assigned and the Group type shows Security. They are grey out and cannot be modified.

    Thanks,

    Iry

    Was this answer helpful?

    0 comments
  3. Anonymous
    2018-06-13T15:16:36+00:00

    Renie,

    Thank you for your information.

    I created AD security group based on attribute.  It is not dynamic security group, however, when I run the PowerShell, it can update the member based on attribute. Then after I sync AD to cloud, it looks like updating group member on Group based license.

    I hope this works....  However, I am still afraid it might quit working when Group licensing Public Preview finishes.

    Thank you.

    Akiko

    Was this answer helpful?

    0 comments