Dynamic security group with all users with any plan (all licensed users)

Brase, Daniel 296 Reputation points
2021-11-24T08:37:40.987+00:00

Hi guys,

I'm trying to create a dynamic security group with only licensed users. I've already found this and some other examples to get this working. To test around I started with this filter:

(user.accountEnabled -eq True) and (user.assignedplans -any (assignedplan.serviceplanid -eq "3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40"))  

152159-2021-11-24-08h57-21.png

This works generally, but I want a rule with any plan and not a specific one. So I tried this one:

(user.accountEnabled -eq True) and (user.assignedplans -all (assignedplan.serviceplanid -ne null))  

But that doesn't work in my case:

152119-2021-11-24-09h03-37.png
152201-2021-11-24-09h05-13.png
152211-2021-11-24-09h07-21.png

This is also working but I want it vice versa:

(user.accountEnabled -eq True) and (user.assignedplans -any (assignedplan.serviceplanid -eq null)  

152038-2021-11-24-09h35-29.png

Maybe someone has a hint.

Thanks, Daniel.

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,706 questions
No comments
{count} votes

Accepted answer
  1. Brase, Daniel 296 Reputation points
    2021-11-24T08:43:04.46+00:00

    Ok, I was able to manage it on my own. I got it working with the not operator:

    (user.accountEnabled -eq True) and not (user.assignedplans -all (assignedplan.serviceplanid -eq null))  
    

    152177-2021-11-24-09h41-49.png

    I would have expected that if I use -eq operator and have a result, the the operator -ne switches the result. Anyway, maybe this helps someone else.

    No comments

0 additional answers

Sort by: Most helpful