Dynamic group membership based on single domain
Posted by Puzzleheaded-Mud-884@reddit | sysadmin | 4 comments
Is there a straightforward way to have a dynamic group membership rule to add all users in one specific domain within a tenant? When I try to use -endsWith with any combination of values such as "@domain.com" or "domain.com" or "*@domain.com" it says that it's an invalid operator.
Is there really no easy way to create a security group based on a single domain?
MrYiff@reddit
Don't forget Dynamic User Security groups in Entra ID require each user to have an Entra ID P1 license, only dynamic computer groups are free.
Daphoid@reddit
(user.mail -contains "banana.com") should do it. Or (user.mail -contains "*@banana.com")
I'm not on my work PC, but I most definitely have groups that do this all day every day. I might've used a regex too (where $ searches from the end of the string)
RedditTechAtWork@reddit
Can confirm "(user.mail -contains "banana.com")" works even without the @. (The @ works as well)
Or
(user.userPrincipalName -contains "@banana.com")
AppIdentityGuy@reddit
Are these users synced from on prem?
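Added example, not from any poster in the thread: a small Python model of the rules discussed above. It shows which userPrincipalName values a substring rule such as `-contains "banana.com"` admits compared with a match anchored to the end of the string, which is the regex approach mentioned in the thread (`-match` in dynamic membership rules). The helper names and sample UPNs are constructed, and case-insensitive comparison is an assumption.

```python
import re

def contains_rule(value: str, needle: str) -> bool:
    """Model of a substring rule, e.g. (user.userPrincipalName -contains "banana.com").
    Assumption: the comparison is case-insensitive."""
    return needle.lower() in value.lower()

def anchored_rule(value: str, domain: str) -> bool:
    """Model of an anchored regex rule: exactly one local part, then @<domain>, then end."""
    pattern = r"[^@]+@" + re.escape(domain)
    return re.fullmatch(pattern, value, re.IGNORECASE) is not None

def over_matched(values, needle: str, domain: str):
    """Values the substring rule admits although they are not in <domain>."""
    return [v for v in values
            if contains_rule(v, needle) and not anchored_rule(v, domain)]

# Constructed sample UPNs, not taken from any tenant.
SAMPLE_UPNS = [
    "alice@banana.com",
    "bob@BANANA.com",
    "carol@eu.banana.com",                           # subdomain
    "dave@notbanana.com",                            # different domain, same suffix
    "erin_banana.com#EXT#@contoso.onmicrosoft.com",  # guest-style UPN
    "gina@banana.com.au",                            # domain continues after .com
    "frank@apple.com",
]

if __name__ == "__main__":
    for needle in ("banana.com", "@banana.com"):
        extra = over_matched(SAMPLE_UPNS, needle, "banana.com")
        print(f'-contains "{needle}" also admits: {extra}')
```

Running the same comparison over an export of the tenant's real UPNs (or mail values) before enabling the group shows whether the looser rule would pull in accounts outside the intended domain.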