Azure has a very nice feature called ‘Dynamic Groups’. We use these in our customer tenants to dynamically generate a group with actual users, excluding Guest accounts (marked with #EXT#).
As I couldn’t find any articles detailing how to create a Dynamic Group through the Graph API, I’m posting this for whoever it helps 🙂
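```powershell
# $headerParams must carry the Authorization bearer token for the Graph API;
# Graph expects the JSON body to be sent with Content-Type application/json.
$dynamicGroupProperties = @{
    "description"                   = "Dynamic Group Created through the Graph API"
    "displayName"                   = "Dynamic Group Created through the Graph API"
    "groupTypes"                    = @("DynamicMembership")
    "mailEnabled"                   = $False
    "mailNickname"                  = "testnickname"
    # Exclude guests two ways: by the #EXT# marker in the UPN and by userType.
    "membershipRule"                = "(user.userPrincipalName -notContains `"#EXT#@`") -and (user.userType -ne `"Guest`")"
    "membershipRuleProcessingState" = "On"
    "securityEnabled"               = $True
}

# Create the group by POSTing the properties as JSON to the groups endpoint.
Invoke-WebRequest -Headers $headerParams -Uri "https://graph.microsoft.com/beta/groups" -Body (ConvertTo-Json $dynamicGroupProperties) -Method POST -Verbose
```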
If you’re not yet used to working with the Graph API, read up on how to connect to the Graph API using PowerShell.
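To see why the membershipRule above uses both clauses, the following added example (not part of the original post) mirrors the rule locally and evaluates it against a few user objects. The function name `Test-MembershipRule` is hypothetical, and the sample users and the contoso/fabrikam domains are constructed placeholders.

```powershell
# Added example, not the author's code. Mirrors the post's rule locally:
# (user.userPrincipalName -notContains "#EXT#@") -and (user.userType -ne "Guest")
function Test-MembershipRule {
    param([Parameter(Mandatory)] $User)

    # Clause 1: the UPN must not carry the external-account marker.
    $passesUpnClause  = $User.userPrincipalName -notlike '*#EXT#@*'
    # Clause 2: the account must not be typed as a guest.
    $passesTypeClause = $User.userType -ne 'Guest'

    [pscustomobject]@{
        UserPrincipalName = $User.userPrincipalName
        UserType          = $User.userType
        PassesUpnClause   = $passesUpnClause
        PassesTypeClause  = $passesTypeClause
        ExpectedMember    = $passesUpnClause -and $passesTypeClause
    }
}

# Constructed sample, shaped like the "value" array of a Graph user listing.
$sampleUsers = @'
[
  { "userPrincipalName": "alice@contoso.com", "userType": "Member" },
  { "userPrincipalName": "bob_fabrikam.com#EXT#@contoso.onmicrosoft.com", "userType": "Guest" },
  { "userPrincipalName": "carol_fabrikam.com#EXT#@contoso.onmicrosoft.com", "userType": "Member" },
  { "userPrincipalName": "dave@contoso.com", "userType": "Guest" }
]
'@ | ConvertFrom-Json

# alice : both clauses pass, so she is the only expected member.
# bob   : ordinary invited guest, fails both clauses.
# carol : external account whose userType was changed to Member; only the UPN clause excludes her.
# dave  : internal UPN but userType Guest; only the userType clause excludes him.
$sampleUsers |
    ForEach-Object { Test-MembershipRule -User $_ } |
    Format-Table -AutoSize
```

Run the same function over the member list of the created group: any row with `ExpectedMember` set to `False` is an account the rule should have kept out.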