Forum Discussion

PatrickF11's avatar
PatrickF11
Steel Contributor
Jul 11, 2019

dynamic group based on assigned license

Hi,   is it possible to create a group with users based on a assigned license? So i want to include all users into this specific group who has e.g. an E3 license assigned, but not an E5.   It se...
dynamic groups
groups
powershell
PatrickF11's avatar
PatrickF11
Steel Contributor
Jul 29, 2022
Thank you Josh, at this moment i already know how to deal with that. 🙂
The linked article from Thijs Lecomte is really great, although I had to taught this by myself.
  • Nick_Zhitkov's avatar
    Nick_Zhitkov
    Copper Contributor
    Nov 29, 2022

    This works perfectly for the dynamic group:
    user.assignedPlans -any (assignedPlan.service -eq "TeamspaceAPI" -and assignedPlan.capabilityStatus -eq "Enabled")

    To get Service names you can run PowerShell: 

    Get-AzureADUser -SearchString "UserName" | Select -ExpandProperty AssignedPlans

    The whole idea is that you can combine results by the part of the name using "contains" (to get all users licensed for AAD for. instance). I use it to get all users with any Teams License for any E or F licenses.
    For the license separation you can use name that only exisit for the E3/E5 plan but you can do the same with Service Plan IDs. 

    I hope it helped. 

    • PatrickF11's avatar
      PatrickF11
      Steel Contributor
      Nov 29, 2022

      Because of the long time passed by, i've updated my personal documentation in the meantime, too.

      Just in case someone stumbles upon this topic:

       

      I personally prefer using the ServicePlan ID:

      1. Get ServicePlan ID via Powershell
        1. Get-AzureADUserLicenseDetail -ObjectId $user.objectid | Select-Object -ExpandProperty ServicePlans
      2. Get ServicePlan ID via Graph Explorer (https://developer.microsoft.com/en-us/graph/graph-explorer)
        1. https://graph.microsoft.com/v1.0/users/email address removed for privacy reasons/licenseDetails
      3. Dynamic Rule Query
        1. user.assignedPlans -any (assignedPlan.servicePlanId -eq "xxx-xxx-xxx-xxx-xxx" -and assignedPlan.capabilityStatus -eq "Enabled")
      • Entra_lover5's avatar
        Entra_lover5
        Copper Contributor
        Mar 12, 2024

        PatrickF11 

         

        Patrick, I am trying to understand what the problem was with your original solution?  I am trying to do the same thing right now and was going to use your original solution, but am not following why you werent happy with it. 

         

        Thanks

         

Resources