To create membership queries for dynamic groups in the Google Admin console, you can use default standard attributes, custom attributes that you create, or both.
On this page
- Use standard attributes
- Use custom attributes
- Automatically include user in dynamic group
- Exclude users from dynamic group
Use standard attributes
When you create a dynamic group in the Admin console, you select standard attributes from the Conditions list. You can use all of the attributes in the following table to create membership queries for dynamic groups.
Attribute |
Sample code |
---|---|
Country addresses.country |
user.addresses.exists(address, address.country == 'Canada') |
Country code addresses.country_code |
user.addresses.exists(address, address.country_code == '555') |
Custom address type addresses.custom_type |
user.addresses.exists(address, address.custom_type=='Custom address type') |
Extended address addresses.extended_address |
user.addresses.exists(address, address.extended_address=='California, USA') |
Address locality addresses.locality |
user.addresses.exists(address, address.locality=='Southern California') |
Zip / Postal code addresses.postal_code |
user.addresses.exists(address, address.postal_code=='94040') |
PO box addresses.po_box |
user.addresses.exists(address, address.po_box=='87132') |
Is address primary addresses.primary |
user.addresses.exists(address, address.primary==true) |
Region addresses.region |
user.addresses.exists(address, address.region=='Southwest') |
Street address addresses.street_address |
user.addresses.exists(address, address.street_address=='123 Fake St') |
Address type addresses.type |
user.addresses.exists(address, address.type==1) |
Email address emails.address |
user.emails.exists(email, email.address.startsWith('')) |
Custom email type emails.custom_type |
email.address.startsWith('[email protected]') |
Is email primary emails.primary |
user.emails.exists(email, email.primary==true) |
Email type emails.type |
user.emails.exists(email, email.type==1) |
Custom external ID type external_ids.custom_type |
user.external_ids.exists(id, id.custom_type.startsWith('runner')) |
External ID type external_ids.type |
user.external_ids.exists(id, id.type==3) |
External id external_ids.value |
user.external_ids.exists(id, id.value=='') |
Gender pronouns gender.address_me_as |
user.gender.address_me_as=='they/them' |
Custom gender type gender.custom_gender |
user.gender.custom_gender.startsWith('custom gender') |
Gender type gender.type |
user.gender.type==3 |
Custom IMS protocol ims.custom_protocol |
user.ims.exists(im, im.custom_protocol.startsWith('custom')) |
Custom IMS type ims.custom_type |
user.ims.exists(im, im.custom_type.startsWith('custom')) |
Standard IMS protocol ims.standard_protocol |
user.ims.exists(im, im.standard_protocol==7) |
Is IMS primary ims.primary |
user.ims.exists(im, im.primary==true) |
IMS type ims.type |
user.ims.exists(im, im.type==3) |
Instant messenger ims.value |
user.ims.exists(im, im.value=='chat') |
Custom keyword type keywords.custom_type |
user.keywords.exists(keyword, keyword.custom_type.startsWith('contractor')) |
Keyword type keywords.type |
user.keywords.exists(keyword, keyword.type==3) |
Keyword keywords.value |
user.keywords.exists(keyword, keyword.value=='engineer') |
Language code languages.language_code |
user.languages.exists(language, language.language_code=='English') |
Location area locations.area |
user.locations.exists(loc, loc.area=='Near San Francisco') |
Building id locations.building_id |
user.locations.exists(loc, loc.building_id=='') |
Custom location type locations.custom_type |
user.locations.exists(loc, loc.custom_type=='Region') |
Desk code locations.desk_code |
user.locations.exists(loc, loc.desk_code=='Desk 37') |
Floor name locations.floor_name |
user.locations.exists(loc, loc.floor_name=='') |
Floor section locations.floor_section |
user.locations.exists(loc, loc.floor_section=='') |
Location type locations.type |
user.locations.exists(loc, loc.type==1) |
Last name name.family_name |
user.name.family_name=='' |
First name name.given_name |
user.name.given_name=='' |
Name name.value |
user.name.value=='' |
Cost center organizations.cost_center |
user.organizations.exists(org, org.cost_center=='') |
Custom organization type organizations.custom_type |
user.organizations.exists(org, org.custom_type=='nonprofit') |
Department organizations.department |
user.organizations.exists(org, org.department=='') |
Organization description organizations.description |
user.organizations.exists(org, org.description=='search provider') |
Domain organizations.domain |
user.organizations.exists(org, org.domain=='example.net') |
Organization location organizations.location |
user.organizations.exists(org, org.location=='California') |
Organization name organizations.name |
user.organizations.exists(org, org.name=='Google') |
Is organization primary organizations.primary |
user.organizations.exists(org, org.primary==true) |
Organization symbol organizations.symbol |
user.organizations.exists(org, org.symbol=='GOOG') |
Job title organizations.title |
user.organizations.exists(org, org.title=='') |
Organization type organizations.type |
user.organizations.exists(org, org.type==2) |
Custom phone type phones.custom_type |
user.phones.exists(phone, phone.custom_type.startsWith('new type')) |
Is phone primary phones.primary |
user.phones.exists(phone, phone.primary==true) |
Phone type phones.type |
user.phones.exists(phone, phone.type==11) |
Phone number phones.value |
user.phones.exists(phone, phone.value=='') |
Custom relation type relations.custom_type |
user.relations.exists(rel, rel.custom_type=='example') |
Relation value relations.value |
user.relations.exists(rel, rel.value=='Sundar') |
Relation type relations.type |
user.relations.exists(rel, rel.type==12) |
Custom website type websites.custom_type |
user.websites.exists(site, site.custom_type.startsWith('creative writing')) |
Is website primary websites.primary |
user.websites.exists(site, site.primary==true) |
Website type websites.type |
user.websites.exists(site, site.type==2) |
Website websites.value |
user.websites.exists(site, site.value=='google.com') |
Ancestor organizational unit org_units.org_unit_id |
user.org_units.exists(org_unit, org_unit.org_unit_id==orgUnitId('')) |
Manager user id managers.user_id |
user.managers.exists(manager, manager.user_id==userId('')) |
Is archived archived |
user.archived==true |
Change password at login change_password_at_next_login |
user.change_password_at_next_login==true |
2-step verification enforced is_2sv_enforced |
user.is_2sv_enforced==true |
2-step verification enrolled is_enrolled_in_2sv |
user.is_enrolled_in_2sv==true |
Is mailbox setup is_mailbox_setup |
user.is_mailbox_setup==true |
Primary email primary_email |
user.primary_email=='' |
Is suspended suspended |
user.suspended==true |
Reason of suspension suspension_reason |
user.suspension_reason==4 |
Parent organizational unit org_unit_id |
user.org_unit_id==orgUnitId('') |
Gender Gender.Gender |
user.custom_schemas.Gender.Gender.exists(G, G=='') |
Ethnicity Ethnicity.Ethnicity |
user.custom_schemas.Ethnicity.Ethnicity.exists(E, E=='') |
Use custom attributes
When you create a membership query in the Admin console, custom attributes appear after standard attributes in the Condition list.
If you run a query that contains a custom attribute and the query returns zero members, the attribute properties might be incorrectly set in the Groups API. Specifically, the “indexed” property needs to be set to true. For details, go to Custom user attributes.
Automatically include user in dynamic group
You can edit a user's account information so that it matches the query conditions to automatically include the user in a dynamic group. You edit any of a user’s account details using the Directory API. For details, go to Update a user account.
You can also edit some user account details in the Admin console, typically from the Users page, including:
2-Step Verification enforced | 2-Step Verification enrolled |
Address type | Ancestor organizational unit |
Building ID | Change password at login |
Cost center | Department |
Email address | Email type |
External ID | First name |
Floor name | Floor section |
Is archived | Is email primary |
Is mailbox setup | Is suspended |
Job title | Last name |
Manager user ID | Name |
Parent organizational unit | Phone number |
Phone type |
Exclude users from dynamic group
To add only users who do not meet a condition, create a condition for the dynamic group and then click Exclude . For example, to create a group containing only users who don’t live in the U.S., you create the condition “Country code equals US” and then click Exclude . In the query, you get an exclamation point (!) for the exclusion.
For some custom queries with the “exists” parameter, you can’t use the exclude option. For details, go to Formulating and testing your query.