We are currently investigating how to implement this. The expiration status is not a directory attribute so it is not straight forward how to sync it.
An error occurred while saving the commentAkos Regi commented
AAD Connect can synchronize changes on objects. If the account Expires is reached, there is usually no change on the object itself => there is nothing to synchronize. I think, this feedback should be raised for the Windows Directory Services team to ask them, to implement an internal AD trigger, where the accountExpires would disable the account if the time of expiry is reached….
227 votes39 comments · Azure Active Directory » Groups/Dynamic groups · Flag idea as inappropriate… · Admin →
We are investigating what it would take to add support for multi-value attributes in Dynamic Groups to enable this and related scenarios.
Kristina Bain Smith