AD Users | Enforce License Profile rule
Rule description
This hybrid rule queries the specified Active Directory scope and each user that satisfies specific criteria assigns the selected license profile to the related Microsoft 365 account.
For more information about license profiles please see License Profiles.
When to use this rule
You can use this rule in the following scenarios:
Enforce license profiles to hybrid users in bulk.
Report about license profiles that are currently assigned to users.
Clear license profiles currently assigned to users and keep existing licenses.
Clear license profiles currently assigned to users and revoke existing licenses.
Reapply currently assigned profiles.
Rule settings
Query Section
| Setting name | Description |
|---|---|
| General Settings | |
Limit AD scope to this domain or OU |
This setting defines the search query scope. To improve query performance, limit the scope to a specific OU. IMPORTANT: To test the rule configuration, limit the rule scope to an OU that contains test accounts or objects and use the Preview feature. |
AD query criteria |
Query criteria are sent with the query and may improve query performance. TIP: For additional information on the criteria builder, see the How to use Query Builder dialog for Query Criteria and Filter rule settings. |
Filter AD query results |
Set the filtering conditions to hide unwanted data based on criteria not supported in the Query criteria setting. Example: filter by the found object Distinguished Name. TIP: For optimal performance, use the Query criteria setting above to filter objects whenever possible. |
Apply to unlicensed users only |
Apply licenses to unlicensed users only or all users. Tip: Configuring this setting to Yes will significantly improve performance for initial license assignment to newly created user accounts. |
Exclude Office 365 disabled users |
This setting allows to exclude Office 365 disabled users from the rule scope or to include them. |
Filter Office 365 query results |
To hide unwanted data returned by the query, set the filtering conditions. |
Include users with this profile |
Specify with which profiles users should be included in the query scope: Any profile. Profile not set.Profile that is selected from the list of configured profiles. |
More options | |
Returned properties |
To display additional Office 365 properties for each object found by the query, add those properties to the list. |
Sort by |
Sort result objects list. |
Exclude disabled users from hybrid mapping |
Specify if disabled AD user accounts should be excluded from the hybrid mapping. |
Exclude shared mailboxes |
Specify if shared mailboxes should be excluded. |
Maximum number of users |
By default, all objects that you have provisioned in Microsoft Office 365 are returned. TIP: It is possible to change the default value in the extension settings. |
Stop rule if errors exceed |
Too many errors may indicate rule misconfiguration or problems with connectivity. Set this value to some integer value, indicating the number of occurred errors, when the rule execution should stop. |
Initialization script | |
Script |
Usually, rules use query criteria to limit the query search scope. It improves the performance of the executed rule. Due to the PowerShell limitations, it is not possible to use calculated expressions in query criteria. That is the point where the initialization script can help. You can initialize a global variable in this setting and then use it in query criteria. IMPORTANT: To use a variable, declared in the initialization script, in the query scope, it must be global: Example: Update AD users, created in the last ten days.
|
Action section
| Setting name | Description |
|---|---|
| Run mode |
Two options are possible:
|
| License profile |
Select one of the configured license profiles or specify if:
|
| Users with deleted profiles |
Specify what should be done if the license profile should be reapplied but this profile was deleted:
|
| Free selection behavior |
Specify if the license with the Free selection enforcement option should be assigned to a user:
|
|
Change Usage Location only if not set |
Specify whether to keep the current user's usage location or change it to a new one. |
Usage Location |
Select the usage location. IMPORTANT: If Microsoft 365 user accounts don't have a location attribute set, Microsoft 36 license won't apply to them, and the rule will stop with the error. If you use Usage Location from AD value for this setting, you must be sure all Active Directory user accounts, that fall under this rule this, have a location attribute set. |
Output Section
This section defines the output format of this rule.
To get more information about this section, please see the Rule Output section article.
Enforce/Schedule Section
This section defines the schedule for how often to run the rule.
To get more information about this section, please see the Rule Enforce/Schedule section article.
Change History
| Version | Notes |
|---|---|
| 13.1 | The Stop rule if tenant licensing change detected setting has been deprecated. |
Comments
0 comments
Please sign in to leave a comment.