Filter/query Azure AD dynamic versus assigned groups

Allen Lenhart 26 Reputation points

Does anyone know how to query/filter on only assigned versus dynamic versus on-premise synced group?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,811 questions
{count} votes

Accepted answer
  1. AmanpreetSingh-MSFT 56,316 Reputation points

    Hi @Allen Lenhart • Thank you for reaching out.

    You can use below graph calls for this purpose.

    To test these calls, open [Graph Explorer][1] and sign-in using Global Administrator account by clicking on the sign-in button in left pane.

    1. For On-premises synced groups: GET$filter=onPremisesSyncEnabled eq true&select=displayname
    2. For Dynamic groups: GET$filter=groupTypes/any(x:x eq 'DynamicMembership')&$select=displayname&$count=true
    3. For Assigned groups: GET$filter=NOT(groupTypes/any(x:x eq 'DynamicMembership'))&$select=displayname&$count=true

    Note: You need to add header ConsistencyLevel=eventual with above calls.

    Permissions required:

    • Directory.ReadWrite.All or Group.ReadWrite.All or Group.Read.All or Directory.Read.All
    • Directory.AccessAsUser.All


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

0 additional answers

Sort by: Most helpful