建立動態群組並檢查狀態Create a dynamic group and check status

在 Azure Active Directory (Azure AD) 中,您可以使用規則來決定使用者或裝置的屬性為基礎的群組成員資格。In Azure Active Directory (Azure AD), you can use rules to determine group membership based on user or device properties. 這篇文章說明如何設定 Azure 入口網站中的動態群組規則。This article tells how to set up a rule for a dynamic group in the Azure portal. 安全性群組或 Office 365 群組支援動態成員資格。Dynamic membership is supported for security groups or Office 365 groups. 套用的群組成員資格規則時,使用成員資格規則的比對的使用者和裝置屬性會接受評估。When a group membership rule is applied, user and device attributes are evaluated for matches with the membership rule. 當屬性變更為使用者或裝置時,組織中的所有動態群組規則處理成員資格變更。When an attribute changes for a user or device, all dynamic group rules in the organization are processed for membership changes. 使用者和裝置新增或移除符合的條件群組。Users and devices are added or removed if they meet the conditions for a group.

如需更多的語法、 支援的屬性、 運算子和值的成員資格規則的範例,請參閱的 Azure Active Directory 中群組動態成員資格規則For examples of syntax, supported properties, operators, and values for a membership rule, see Dynamic membership rules for groups in Azure Active Directory.

建立群組成員資格規則To create a group membership rule

  1. 登入Azure AD 系統管理中心中全域管理員、 Intune 系統管理員或在租用戶中的使用者系統管理員角色的帳戶。Sign in to the Azure AD admin center with an account that is in the Global administrator, Intune administrator, or User administrator role in the tenant.

  2. 選取 [群組] 。Select Groups.

  3. 選取 [所有群組] ,然後選取 [新增群組] 。Select All groups, and select New group.

    選取要加入新群組的命令

  4. 群組頁面上,輸入名稱和新群組的描述。On the Group page, enter a name and description for the new group. 選取 成員資格類型作為使用者或裝置,然後選取新增動態查詢Select a Membership type for either users or devices, and then select Add dynamic query. 您可以使用規則建立器來建置簡單的規則,或自行撰寫的成員資格規則You can use the rule builder to build a simple rule, or write a membership rule yourself.

    新增動態群組的成員資格規則

  5. 若要查看可供您的成員資格查詢的自訂延伸模組屬性To see the custom extension properties available for your membership query

    1. 選取取得自訂的延伸模組屬性Select Get custom extension properties
    2. 輸入應用程式識別碼,然後選取重新整理屬性Enter the application ID, and then select Refresh properties.
  6. 建立規則之後,在刀鋒視窗的底部選取 [新增查詢] 。After creating the rule, select Add query at the bottom of the blade.

  7. 選取 [更多服務] on the 來建立群組。Select Create on the Group blade to create the group.

如果您輸入的規則不是有效的項目,說明為什麼無法處理此規則會顯示在入口網站的右上角。If the rule you entered isn't valid, an explanation of why the rule couldn't be processed is displayed in the upper-right corner of the portal. 仔細閱讀,了解如何修正此規則。Read it carefully to understand how to fix the rule.

開啟或關閉歡迎電子郵件Turn on or off welcome email

建立新的 Office 365 群組時,會新增至群組的使用者頁面時,會傳送歡迎畫面的通知。When a new Office 365 group is created, a welcome notification is sent the users who are added to the group. 稍後,如果使用者或裝置的任何屬性變更時,組織中的所有動態群組規則處理成員資格變更。Later, if any attributes of a user or device change, all dynamic group rules in the organization are processed for membership changes. 新增的使用者隨後也會收到歡迎通知。Users who are added then also receive the welcome notification. 您可以關閉此行為Exchange PowerShellYou can turn off this behavior in Exchange PowerShell.

檢查規則的處理狀態Check processing status for a rule

您可以在群組的 [概觀] 頁面上看到成員資格處理狀態和上次更新日期。You can see the membership processing status and the last updated date on the Overview page for the group.

顯示的動態群組狀態

可能會針對成員資格處理狀態顯示下列狀態訊息:The following status messages can be shown for Membership processing status:

  • 評估中:已收到群組變更,而且正在評估更新。Evaluating: The group change has been received and the updates are being evaluated.
  • 處理中:正在處理更新。Processing: Updates are being processed.
  • 更新完成:處理已完成,並已建立所有適用的更新。Update complete: Processing has completed and all applicable updates have been made.
  • 處理錯誤:無法完成處理,因為評估成員資格規則時發生錯誤。Processing error: Processing couldn't be completed because of an error evaluating the membership rule.
  • 已暫停更新:系統管理員已暫停動態成員資格規則更新。Update paused: Dynamic membership rule updates have been paused by the administrator. MembershipRuleProcessingState 設定為「已暫停」。MembershipRuleProcessingState is set to “Paused”.

可能會針對成員資格上次更新狀態顯示下列狀態訊息:The following status messages can be shown for Membership last updated status:

  • <日期和時間>:上次更新成員資格的時間。<Date and time>: The last time the membership was updated.
  • 進行中:目前正在更新。In Progress: Updates are currently in progress.
  • 未知:無法擷取上次更新時間。Unknown: The last update time can't be retrieved. 此群組可能是新的。The group might be new.

如果處理特定群組的成員資格規則時發生錯誤,則會在群組的 [概觀] 頁面頂端顯示警示。If an error occurs while processing the membership rule for a specific group, an alert is shown on the top of the Overview page for the group. 如果無法處理租用戶內所有群組 24 小時內的暫止動態成員資格更新,則會在 [所有群組] 頂端顯示警示。If no pending dynamic membership updates can be processed for all the groups within the tenant for more then 24 hours, an alert is shown on the top of All groups.

處理錯誤的訊息警示

這些文章提供有關 Azure Active Directory 中群組的其他資訊。These articles provide additional information on groups in Azure Active Directory.