PatrickF11
Steel Contributor
Jul 11, 2019

dynamic group based on assigned license

Hi,

Is it possible to create a group with users based on an assigned license?

So I want to include in this specific group all users who have e.g. an E3 license assigned, but not an E5.

It seems that the only way is to use a ServicePlan name, not a SKU name, isn't it?

Even better would be a dynamic membership rule based on the SKU, not on a ServicePlan.

What I tried to do:

1. Get-MsolAccountSKU to find out the SKU name

2. Created a dynamic group without knowing which syntax to use :D

3. Used this dynamic membership rule as a workaround:

(user.assignedPlans -any ((assignedPlan.service -match "NAME") -and (assignedPlan.capabilityStatus -eq "Enabled")))

(I found the ServicePlan names via Get-MsolAccountSku | Where-Object {$_.SkuPartNumber -eq "ENTERPRISEPREMIUM"} | ForEach-Object {$_.ServiceStatus})

Thank you in advance.

Patrick :)

  • HritikRaushan1
    Copper Contributor

    I also encountered the same problem as PatrickF11.
    I went through all the suggestions with no luck.
    I want to create a dynamic group with all the users who have been assigned Office 365 E5 licenses.

    • PatrickF11
      Steel Contributor
      Thank you Josh, at this moment I already know how to deal with that. 🙂
      The linked article from Thijs Lecomte is really great, although I had to teach myself this.
      • Nick_Zhitkov
        Copper Contributor

        This works perfectly for the dynamic group:
        user.assignedPlans -any (assignedPlan.service -eq "TeamspaceAPI" -and assignedPlan.capabilityStatus -eq "Enabled")

        To get Service names you can run PowerShell:

        Get-AzureADUser -SearchString "UserName" | Select -ExpandProperty AssignedPlans

        The whole idea is that you can combine results by the part of the name using "contains" (to get all users licensed for AAD, for instance). I use it to get all users with any Teams License for any E or F licenses.
        For the license separation you can use a name that only exists for the E3/E5 plan, but you can do the same with Service Plan IDs.

        I hope it helped.

  • Ketzpatel
    Brass Contributor
    Yes, you can do this using any of your service plan IDs and status.

    user.assignedPlans -any (assignedPlan.servicePlanId -eq "serviceplanID" -and assignedPlan.capabilityStatus -eq "Enabled")
  • Steven-H
    Brass Contributor

    You can do this using the following advanced rule:

    (user.assignedPlans -any (assignedPlan.servicePlanId -eq "<servicePlanId>" -and assignedPlan.capabilityStatus -eq "Enabled"))

    You can look up service plan IDs by using the Graph Explorer and looking at licenseDetails on a user that has the desired license assigned.

    https://graph.microsoft.com/v1.0/users/someperson@yourdomain.tld/licenseDetails

    Look in the resulting output for the specific thing to key off.

    Links

    Graph Explorer 

    licenseDetails (Graph API) 
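
An added example (not from any poster in this thread) of the approach Nick_Zhitkov and Steven-H describe: compare the service plans of two SKUs as returned by licenseDetails, then build the membership rule from a plan that only the wanted SKU carries. The JSON is constructed sample data with placeholder plan names and GUIDs, and the function names Get-SkuOnlyPlan and New-LicenseMembershipRule are hypothetical.

```powershell
# Constructed sample shaped like the "value" array of GET /users/{id}/licenseDetails.
# Plan names and GUIDs are placeholders, not real service plan IDs.
$licenseDetailsJson = @'
[
  { "skuPartNumber": "ENTERPRISEPACK",
    "servicePlans": [
      { "servicePlanId": "00000000-0000-0000-0000-0000000000a1", "servicePlanName": "SHARED_PLAN",  "appliesTo": "User" },
      { "servicePlanId": "00000000-0000-0000-0000-0000000000a2", "servicePlanName": "E3_ONLY_PLAN", "appliesTo": "User" },
      { "servicePlanId": "00000000-0000-0000-0000-0000000000a3", "servicePlanName": "TENANT_PLAN",  "appliesTo": "Company" } ] },
  { "skuPartNumber": "ENTERPRISEPREMIUM",
    "servicePlans": [
      { "servicePlanId": "00000000-0000-0000-0000-0000000000a1", "servicePlanName": "SHARED_PLAN",  "appliesTo": "User" },
      { "servicePlanId": "00000000-0000-0000-0000-0000000000b1", "servicePlanName": "E5_ONLY_PLAN", "appliesTo": "User" } ] }
]
'@

function Get-SkuOnlyPlan {
    param(
        [Parameter(Mandatory)] [object[]] $LicenseDetails,
        [Parameter(Mandatory)] [string]   $IncludeSku,
        [Parameter(Mandatory)] [string]   $ExcludeSku
    )
    $include    = @(($LicenseDetails | Where-Object skuPartNumber -eq $IncludeSku).servicePlans)
    $excludeIds = @(($LicenseDetails | Where-Object skuPartNumber -eq $ExcludeSku).servicePlans.servicePlanId)
    # Keep plans of the wanted SKU that the other SKU does not carry.
    # Skipping plans scoped to "Company" is a conservative choice made for this example.
    $include | Where-Object { $_.appliesTo -eq 'User' -and $_.servicePlanId -notin $excludeIds }
}

function New-LicenseMembershipRule {
    param([Parameter(Mandatory)] [string] $ServicePlanId)
    # Same rule shape as posted in this thread, with the ID filled in.
    '(user.assignedPlans -any (assignedPlan.servicePlanId -eq "{0}" -and assignedPlan.capabilityStatus -eq "Enabled"))' -f $ServicePlanId
}

$details = $licenseDetailsJson | ConvertFrom-Json
$plans   = @(Get-SkuOnlyPlan -LicenseDetails $details -IncludeSku 'ENTERPRISEPACK' -ExcludeSku 'ENTERPRISEPREMIUM')
if ($plans.Count -eq 0) {
    # Edge case: every plan is shared, so a servicePlanId rule cannot separate the two SKUs.
    Write-Warning 'No user-scoped plan is unique to the wanted SKU.'
} else {
    foreach ($p in $plans) {
        '{0}: {1}' -f $p.servicePlanName, (New-LicenseMembershipRule -ServicePlanId $p.servicePlanId)
    }
}
```

Pick a plan that is not switched off per user, because a plan that is not in the Enabled state fails the capabilityStatus check and the user falls out of the group.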

     

    • PatrickF11
      Steel Contributor

      Hi Steven-H

      Thanks for your reply, this is nearly the same as what I'm using at the moment.

      (Except that you use the id and not the name.)

      Edit: I didn't think about the approach via the graph, thank you 🙂

      • shathaway
        Copper Contributor

        PatrickF11

        I was wondering if you have found a solution to creating a dynamic group based on license. I am looking to do the same.

        Thank you,

        Steve

  • PatrickF11 sadly, this is one of the many limitations of the Graph; there's no going around it. Until they give us proper filtering capabilities, but it doesn't look like much is happening on that front either.

    You can of course always filter them "client-side" and use the resulting set of users to populate some other attribute, which you can then use to create the dynamic membership rule.

  • PatrickF11

    Hi, if these users are using dedicated devices, you could set the dynamic group to target device model type. This is how we run our dynamic groups....

  • Why don't you use licensing groups to assign licenses? If you don't want to use this group for more, just create a dynamic group that pulls members of it?
    • PatrickF11
      Steel Contributor

      adam deltinger I don't want to assign licenses.

      I want all users with a specific license to make Self Service Password Reset available.

      This is why I want to create a dynamic group with all users with a specific license.
