Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

How can we improve Azure Active Directory?

← Azure Active Directory

Ability to trigger a dynamic group update

It would be wonderful if there was a way to trigger a re-sync of dynamic groups after changes are made. Right now some changes take over 24 hours to show and when experimenting with new dynamic rules it makes it difficult to see results. The trigger could be something like the Reset and Resync box in Enterprise Apps provisioning or just a Powershell applet that can be run.

648 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Bill Kaage shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
under review  ·  Azure AD Team responded  · 

Our feature team is looking into options for addressing this scenario, but we do not yet have any timelines to share. For now as a workaround, you can manually trigger the reprocessing by updating the membership rule to add a whitespace at the end. We’ve also added the ability to check the membership processing status, to keep track of the status and know if processing is complete.

76 comments

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Jonathan commented  ·   ·  Flag as inappropriate

    This is incredibly needed.
    Enrollment process is a PITA because of the period of waiting ...

  • Marina Maier commented  ·   ·  Flag as inappropriate

    We have the same problem. The synchronization takes about 12 hours per user. We need a total of 140 users and depend on this function. For this reason we need a result and improvement as soon as possible.

    I am already in contact with Azure Support and ask for a quick fix.

  • Nico commented  ·   ·  Flag as inappropriate

    I also have some dynamic groups that are not updating, others will?

  • Ryan Spooner commented  ·   ·  Flag as inappropriate

    This is very much needed. Having to wait for hours, if not days, for a dynamically populated group to update is frustrating to say the least, especially when that group currently has members in it that you don't want to be (eg. license assignment).

  • UV commented  ·   ·  Flag as inappropriate

    We found out last week, that there are still some issues with dyn groups updates that are sometimes super-slow (we use groups that are bigger than 10k devices), or where the new group members are not reflected in timely manner in the Autopilot enrollment profiles, that we target using these groups.

    A friend of mine managing smaller tenants (<100 devices), also had this issue, or sometimes groups not repopulating at all, so there is probably a global backend performance problem somewhere... As usual with Intune support when you report them such problems : this is "work in progress", or problem simply disappears the next day when they come back to you, and you have to close the ticket :-(.

    IMO, I would not ask to have a button to re-evaluate the group : I just want the group to be populated quickly and with no bugs.

  • Scott Jones commented  ·   ·  Flag as inappropriate

    Microsoft. Please fix this ASAP. In the meantime, please re-enable the workaround. Our customers are suffering while this is not working properly.

  • BUELENS Geert commented  ·   ·  Flag as inappropriate

    The workaround (updating the membership rule) is not working...
    And this request is already 3 years old. I'm really wondering if Azure/O365 is the right tool to go for...

  • PATRICK, MARTIN commented  ·   ·  Flag as inappropriate

    This is a real problem and Microsoft will need this voted up more before they consider doing anything about this. Spam your coworkers with this link and ask them to vote.

  • Stefanski, Patrick J commented  ·   ·  Flag as inappropriate

    Ugh. It's frustrating that this is even a question. It's not a feature request, it's a break-fix. This is broken, there's no excuse for it not being treated as something that must be urgently fixed.

    AD has always sucked, but AAD is worse. You guys should have bought e-Directory from Novell when they went under. At that point they emulated AD better than Microsoft, so no compatibility issues, and then you'd have had a real, standards based X.500 directory to build your cloud ecosystem out with, instead of scaling out the bolt-ons-bolted-on-to-the-bolt-ons garbage.

    Really wish there were better alternatives for enterprise users.

  • Duwe commented  ·   ·  Flag as inappropriate

    Has that timeline been decided yet? the lack of this feature is just ridiculous.

  • Anonymous commented  ·   ·  Flag as inappropriate

    the whitespace trick doesn't seem to work anymore, group 'last update' value stays the same and no changes are made in group members

  • Olav Rønnestad Birkeland commented  ·   ·  Flag as inappropriate

    After I changed membership rule on a dynamic user group membership today, 1 hour later it still haven't reevaluated membership. There needs to be a way to trigger a recheck of membership. Or at least saving a changed query should trigger membership evaluation instantly.

  • Adam Sher commented  ·   ·  Flag as inappropriate

    A workaround that seemed to do the trick for me was to add a redundant expression, save, remove the redundant expression, then save again.
    For example, changing:
    (device.displayName -startsWith "tis-") and (device.deviceOwnership -eq "Company")
    to:
    (device.displayName -startsWith "tis-") and (device.deviceOwnership -eq "Company") and (device.deviceOwnership -eq "Company")
    then back to:
    (device.displayName -startsWith "tis-") and (device.deviceOwnership -eq "Company")

  • Jim Barr commented  ·   ·  Flag as inappropriate

    Let's see... a feature request that has been sought after for well over a year, no indication when dynamic updates are successfully updated, and a jerkwater workaround that attempts to "trick" the system into functioning properly offered as a tier 2 solution... all from our friends at the Monopoly of the Century known as Microsoft. When will this company take their victims, er customers seriously?

← Previous 1 3 4

Azure Active Directory: Groups/Dynamic groups

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice