Hey folks,
I'm having a bit of a dilemma with creating a dynamic security group in Entra ID that filters users based on their `employeeId`. Specifically, I'm trying to set up a rule to include any user whose employee ID is either greater than or equal to 100, using the following syntax:
(user.employeeId -gt "100")
or
(user.employeeId -ge "100")
However, whenever I attempt to create or validate this rule, I encounter an error message stating:
"Unable to complete due to service connection error. Please try again later."
There's also a grey question mark icon during the validation process, and ultimately, the group won't save.
I've ensured that my Entra ID tenant is in good standing and has no network or service issues, and I've confirmed that other operators work, such as equality checks:
(user.employeeId -eq "100")
That one works perfectly for identifying users with an employeeId of 100. It seems that the greater than (`-gt`) and greater than or equal (`-ge`) operators are just not functioning with this attribute.
Has anyone experienced a similar issue or have insights into what's causing this? Any help would be greatly appreciated! Thanks!
2 Answers
It looks like `employeeId` is being treated as a string in your setup, which is why the numeric comparison operators aren’t working. You can only compare strings for equality, not for greater than. One workaround is to convert the string to a number in your rule like this:
([int]user.employeeId -gt "100")
That should let you use numeric comparisons without any issues!
Yep, `employeeId` is definitely a text field, and that's why you can't use numeric operators. If you really need to enforce that kind of comparison, another option is to set up Azure Automation with PowerShell. You can schedule it to run daily, where it pulls all users and their employee IDs, then manages group membership based on that.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures