Ability to trigger a dynamic group update
It would be wonderful if there was a way to trigger a re-sync of dynamic groups after changes are made. Right now some changes take over 24 hours to show and when experimenting with new dynamic rules it makes it difficult to see results. The trigger could be something like the Reset and Resync box in Enterprise Apps provisioning or just a Powershell applet that can be run.
Bill Kaage
shared this idea
Our feature team is looking into options for addressing this scenario, but we do not yet have any timelines to share. For now as a workaround, you can manually trigger the reprocessing by updating the membership rule to add a whitespace at the end. We’ve also added the ability to check the membership processing status, to keep track of the status and know if processing is complete.
64 comments
-
Stefanski, Patrick J
commented
Ugh. It's frustrating that this is even a question. It's not a feature request, it's a break-fix. This is broken, there's no excuse for it not being treated as something that must be urgently fixed.
AD has always sucked, but AAD is worse. You guys should have bought e-Directory from Novell when they went under. At that point they emulated AD better than Microsoft, so no compatibility issues, and then you'd have had a real, standards based X.500 directory to build your cloud ecosystem out with, instead of scaling out the bolt-ons-bolted-on-to-the-bolt-ons garbage.
Really wish there were better alternatives for enterprise users.
-
Mike
commented
Any update on this. It can really be useful.
-
Colin
commented
This really needs to be addressed...
-
Anonymous
commented
Has that timeline been decided yet? the lack of this feature is just ridiculous.
-
Anonymous
commented
the whitespace trick doesn't seem to work anymore, group 'last update' value stays the same and no changes are made in group members
-
Olav Rønnestad Birkeland
commented
After I changed membership rule on a dynamic user group membership today, 1 hour later it still haven't reevaluated membership. There needs to be a way to trigger a recheck of membership. Or at least saving a changed query should trigger membership evaluation instantly.
-
Adam Sher
commented
A workaround that seemed to do the trick for me was to add a redundant expression, save, remove the redundant expression, then save again.
For example, changing:
(device.displayName -startsWith "tis-") and (device.deviceOwnership -eq "Company")
to:
(device.displayName -startsWith "tis-") and (device.deviceOwnership -eq "Company") and (device.deviceOwnership -eq "Company")
then back to:
(device.displayName -startsWith "tis-") and (device.deviceOwnership -eq "Company") -
Jim Barr
commented
Let's see... a feature request that has been sought after for well over a year, no indication when dynamic updates are successfully updated, and a jerkwater workaround that attempts to "trick" the system into functioning properly offered as a tier 2 solution... all from our friends at the Monopoly of the Century known as Microsoft. When will this company take their victims, er customers seriously?
-
Alessandro Fabiani
commented
For me no workaround works. Neither blank space or totally change the query. Update is just stuck for ages. This is really a no-go for any serious Intune implementation. There is no way that any Enterprise will decide to switch-off any on-prem solution at this stage.
-
Anonymous
commented
The white space trick does not work for me. I add a keyword to a user's account that the rules in my dynamic group are looking for. I add the white space to the end of my membership rule, the processing says complete, but it still can take hours for my user to show in the group. I am ready to switch this to a static group just so I can get my project rolled out.
-
Office 365 Admin
commented
Need this implemented asap!!
-
Midtbø, Atle
commented
This needs to be implemented ASAP.
-
Anonymous
commented
I would like to be able to force a dynamic M365 group to sync using powershell or via the GUI.
-
Anonymous
commented
What a brutal group. Put yourself in their shoes and then add 10k tasks to your todo list. Its not like Intune and AAD have been around as long as AD. If you are old enough to remember AD in 2000, you would no there no instant gratification with it either.
-
Leroy Simon
commented
connect-azuread
import-module azureadpreview -force
set-azureadmsgroup -id <group objectid> -membershipruleprocessingstate "paused"
set-azureadmsgroup -id <group objectid> -membershipruleprocessingstate "on"This will force a group membership enumeration.
-
Imre
commented
In our case the dynamic group was paused and we were not able to make it continue again.
For me the solution was not adding a white space but to copy the dynamic rule to a notepad first. Then change the properties from dynamic to assigned (this will retain all members). Then change it back to dynamic and add the rule back from the notepad.
-
[Deleted User]
commented
In our case the dynamic group was paused and we were not able to make it continue again.
For me the solution was not adding a white space but to copy the dynamic rule to a notepad first. Then change the properties from dynamic to assigned (this will retain all members). Then change it back to dynamic and add the rule back from the notepad.
-
We are still recommending the workaround to trigger reprocessing by updating membership rule to add a whitespace at the end and save the group. The feature team is also working on improving Dynamic group performance which will help address this issue as well.
-
Anonymous
commented
Dynamic groups are 100% useless right now, the lack of update controls is fatal and they can't be used in production in any meaningful way. This is espicially troubling since support advises using them but you can have no control over them at all. If I worked at Microsoft this would be my priority. Product manager should be fired.
-
Darren
commented
Would be very much welcomed as causes delays in project work / testing.
