AAD dynamic group syntax question

Question

Hey guys,

i'm using the following syntax to create a AAD dynamic group which is working fine:

(user.assignedplans -any (assignedplan.serviceplanid -eq "6c6042f5-6f01-4d67-b8c1-eb99d36eed3e" -and assignedplan.capabilitystatus -eq "enabled")) -and (user.country -in ["Mexico","Brazil","Canada","Argentina","Chile","Costa Rica","United States (the)"])

Now I would like to group the users within that group by starting letter of their last name. So I would like to add to something like that ....

(user.surname -startswith "a") or (user.surname -startswith "b") or (user.surname -startswith "c") ... and so on.

Doing it this way will extend the query and it becomes unreadable in my eyes.

Is there a way to define a scope of starting letters like "A" to "C" which includes the letter A,B,C?

Greetz,
Chris

Answer 1

Hello,

To simplify you should use regular expression, for example :
user.surname -match ^[abc]

Below an example in this article :
https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership?auth=2#using-the--match-operator

Regards,

Answer 2

Hello Clement!

thx for your answer. I'm sorry, but it doesn't help.

Adding the syntax you provide saving the membership rule is not possible ...

It looks like this:

(user.assignedplans -any (assignedplan.serviceplanid -eq "6c6042f5-6f01-4d67-b8c1-eb99d36eed3e" -and assignedplan.capabilitystatus -eq "enabled")) -and (user.country -in ["Mexico","Brazil","Canada","Argentina","Chile","Costa Rica","United States (the)"]) or (user.surname -match [abc])

Best regards,
Chris

Answer 3

Hey Clement!

Yes, this works fine. Thanks for your assistance!

Greetings,
Chris