I forgot to mention. The main reason why we use the employeeType extension is because the Dynamic Rules in groups doesn’t include user.employeeType. Kind of a head scratcher why they haven’t included that.

Hah! We get this kind of thing all the time as we maintain the content of the Office 365 for IT Pros eBook…

I actually checked again and it appears to populate now after 2 years of using this script
Get-MgUser -UserId -Property employeetype |select employeetype

EmployeeType
————
Employee

Got it. Good reason!

It doesn’t populate from AD Connect so we have to use the extension.

There is an EmployeeType property. Is there any reason why you don’t use it?

For managers, we utilize EmployeeType property in AD (employee, contractor, service, etc).
I populate a group of just managers of employees & contractors.

$users = Get-MgUser -Filter “employeeId ne null” -all -ConsistencyLevel eventual -CountVariable CountVar
ForEach ($user in $users){
if (Get-MgUserDirectReport -UserId $user.id -All) {

$manager = $user
#get all direct reports
$allDirects = Get-MgUserDirectReport -UserId $manager.id -All

# add manager to manager array if the employeetype of the direct report is valid.
foreach ($direct in $allDirects) {
$employeeType = (Get-MgUser -UserId $direct.id -Property extension_72865f8793294a44b04f437101a06033_employeeType).additionalproperties.extension_72865f8793294a44b04f437101a06033_employeeType
if (($employeeType -eq “Employee”) -or ($employeeType -eq “Vendor”) -or ($employeeType -eq “Temp”) -or ($employeeType -eq “Contractor”)) {
$managers += $manager

# we only need to find one valid direct report, then we can move to the next manager.
break
}
}
}
}

I then compare the array to the existing group members and add or subtract if needed.
It takes about 10 min to run for 3000 users.

I believe that point is made in the article.