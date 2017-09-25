Three times a week (Monday/Wednesday/Friday), John Savill tackles your most pressing IT questions.

Read through the FAQ archives, or send him your questions via email.

Q. How can I search for users in AD using multiple words in their title?

Dept - AD

A. If you need to find all users that have certain words in their title in any order the easiest way is to just use a filter that has multiple -like operators, one for each part of the title. For example to find all users that have the words Security and Manager in the title I could use:

Get-ADObject -Filter {(title -like "*Manager*") -and (title -like "*Security*")} | Sort-Object -Property Name

Q. How can I create an Azure AD dynamic group that checks for a combination of words?

Dept - Azure AD

A. A dynamic group enables rules to be configured that define the criteria for users to be made members of the group. There is an advanced rule option that enables a combination of attributes to be checked. To check for a combination of words simply use multiple -contains checks, for example:

user.jobTitle -contains "Security" -and user.jobTitle -contains "Manager"

Q. I changed my Azure AD dynamic group rule however the membership is not changing, why?

Dept - Azure AD

A. Dynamic group membership is updated frequently but not instantly. Typically I see a 5 minute lag between changing my dynamic rule and the new membership being reflected. This time could be longer for large Azure AD environments. If after 30 minutes the membership has not changed double check your rule logic.