Filter/query Azure AD dynamic versus assigned groups

Allen Lenhart 26 Reputation points
2021-08-13T15:08:05.14+00:00

Does anyone know how to query/filter on only assigned versus dynamic versus on-premise synced group?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,811 questions
{count} votes

Accepted answer
  1. AmanpreetSingh-MSFT 56,316 Reputation points
    2021-08-23T11:08:14.44+00:00

    Hi @Allen Lenhart • Thank you for reaching out.

    You can use below graph calls for this purpose.

    To test these calls, open [Graph Explorer][1] and sign-in using Global Administrator account by clicking on the sign-in button in left pane.

    1. For On-premises synced groups: GET https://graph.microsoft.com/beta/groups?$filter=onPremisesSyncEnabled eq true&select=displayname
    2. For Dynamic groups: GET https://graph.microsoft.com/beta/groups?$filter=groupTypes/any(x:x eq 'DynamicMembership')&$select=displayname&$count=true
    3. For Assigned groups: GET https://graph.microsoft.com/beta/groups?$filter=NOT(groupTypes/any(x:x eq 'DynamicMembership'))&$select=displayname&$count=true

    Note: You need to add header ConsistencyLevel=eventual with above calls.

    Permissions required:

    • Directory.ReadWrite.All or Group.ReadWrite.All or Group.Read.All or Directory.Read.All
    • Directory.AccessAsUser.All

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


0 additional answers

Sort by: Most helpful