Again, the user and group is provided. "Computers". What's the difference between a power rail and a signal line? However, by adding all first (and suppressing warnings/errors for duplicates), and then removing only non-matches, you 1) minimize the number of attribute updates to the AD object and 2) workaround the risk of somebody authenticating and missing a Security Group in their token, should they happen to come online . Above group contains all the users where the job title field contains the word Manager. Dynamic Membership based on Domain for Teams: To create a Dynamic membership MS team, create a Microsoft 365 group first with Dynamic membership in Azure Active directory. Sharing best practices for building any app with .NET. The following articles provide additional information on how to use groups in Azure Active Directory. Azure AD Dynamic Group based on Group Membership, The open-source game engine youve been waiting for: Godot (Ep. Thanks for contributing an answer to Server Fault! If Mathias was the one who helped you, then you should accept his answer. Above group can be used for deploying settings/apps/scripts to all Android devices. This is only applicable when a group is newly created or the rule was recently edited or the Pause Processing setting is changed. Most of our users have the UPN say *@abc.com, but about 10% have the *@xyz.com. Was Galileo expecting to see so many stars? No, it is not currently possible to use group membership as a part of the query for a dynamic group. In addition I made sure that the sub-OUs groups got added to the parent OUs security group where it fitted. Is there a way to create dynamic group base on AutoPilot? In Azure Active Directory, admins can create complex attribute-based rules to enable dynamic memberships for groups. A binaryoperator is nothing other than a conditional operator like -ne,-eq, -contains -match. The rightconstant is a constant value specific to your requirement; for example, if you want to create a group for all IT users, it is IT.. After the AU is created, go into the properties of the AU, and change the membership type to Dynamic User. The functions are inefficient and provide no inherent value; both functions 1. double the amount of calls to be made, 2. Not sure if this scales well in a big company, but the script only use a few minutes in our 300 user company. Validate Azure AD Dynamic Group Rules | Intune, Validate Azure AD Dynamic Group Rules (howtomanagedevices.com), Windows 11 Versions Numbers Build Numbers, https://www.anoopcnair.com/fetch-azure-ad-details-microsoft-graph-api-via-web-browsers/, https://docs.microsoft.com/en-us/microsoft-store/add-profile-to-devices#device-information-file-format, You also have the option to validate the Azure AD query from. Making statements based on opinion; back them up with references or personal experience. http://ravingroo.com/458/active-directory-shadow-group-automatically-add-ou-users-membership/. You can use rules to determine group membership based on user or device properties In Azure Active Directory (Azure AD), part of Microsoft Entra. OK,here we go witha grouping of Android devices. This is customAttribute11 in Exchange Online. AAD groups dont have that granularity in creating dynamic query rules if you compare them with WQL query rules. Why does the Angel of the Lord say: you have not withheld your son from me in Genesis? Just replace Get-AdUser to Get-ADComputer in the source script. From the AADConnect server click start, and type syncyou should see the 'Synchronization Rules Editor'. Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type. Azure AD supports dynamic device groups that are populated based on device hardware capabilities. I put the full OU in CustomAttribute13 wich a value of 'narnia' in case you want to create a dynamic distribution list to include all your domain users. You can then assign administrators to specific OUs, and apply group policy to enforce targeted configuration settings. Perhaps you only need the the second expression example to create your DDG. I wondered however if you could let me know how you found that you should use deviceOSType when I created dynamic groups for users it it is easy to get a list of attributesnot sure how to do the same for devices. The rule builder supports up to five expressions. At what point of what we watch as the MCU movies the branching started? Using Dynamic groups requires Azure AD premium P1 license or Intune for Education license. Server Fault is a question and answer site for system and network administrators. You can use this group (for example) to deploy regional settings and/or apps. For examples of syntax, supported properties, operators, and values for a membership rule, see Dynamic membership rules for groups in Azure Active Directory. Start-ADSyncSyncCycle -PolicyType initial. Change color of a paragraph containing aligned equations. Find out more about the Microsoft MVP Award Program. Pay close attention to these settings, Link Type for example defaults to Provision which is incorrect this in scenario. Unlike the Windows device group, the iOS device AAD dynamic Device groupcant be created using a simple membership rule; rather, we should use the Advanced membership rule. Basically the goal of the dynamic group is to add devices where the registered owner or primary user have the UPN *@xyz.com. Essentially we need to create an inbound synchronization rule in Azure AD Connect to send the Distinguished Name from On-Premise Active Directory up to Office 365 as custom attributes. Schedule Windows 365 Cloud PC Reboots with Azure Automation. Select All groups and choose New group. Any number of Azure AD resources can be members of a single group. Above group contains all the users where the company field contains the word Barcelona or Madrid. To see the custom extension properties available for your membership query: Select Create on the New group page to create the group. Its time to find iOS devices (iPhone or iPad)in my environment via AAD Dynamicquery and group them intoan AAD dynamic group. However, an Azure AD device object stores limited hardware information, so those queries are also limited. In my opinion, DSQuery is the best option. Partially the Dynamic Access Control (DAC) . Later, if any attributes of a user or device(only in case of security groups) change, all dynamic group rules in the organization are processed for membership changes. But my dynamic group rule doesn't seem to be working. Re: Create a dynamic device group based on registered owner or primary user UPN? Sign in to the Azure AD admin center with an account that is in the Global administrator, Group administrator, Intune administrator, or User administrator role in the Azure AD organization. The forgotten feature. rev2023.3.1.43269. Also MS updated their Dynamic Groups page to include devices: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-groups-dynamic-membership-azure-portal. Strict management of Azure AD parameters is required here! Azure AD provides a rule builder to create and update your important rules more quickly. However, the new Azure portal has many options to create dynamic query rules. The author's blog contains additional information about the design and motives for the tool. In the first expression I am synchronising the full Distinguished Name from On-Premise AD to extensionAttribute10. To add more than five expressions, you must use the text box. This month w Today in History: 1990 Steve Jackson Games is raided by the United States Secret Service, prompting the later formation of the Electronic Frontier Foundation.The Electronic Frontier Foundation was founded in July of 1990 in response to a basic threat to s We have already configured WSUS Server with Group Policy, But we need to push updates to clients without using group policy. Microsoft Intune and Configuration Manager. Dynamic group can be either user based, or device based but you can't mix both users and devices in the same group. To group windows devices based on the operating system, its better to use simple queries via Azure portal GUI. About Dynamic Memberships for Groups. Users are automatically added or removed to the correct teams as user attributes change or users join and leave the tenant. You might see a message when the rule builder is not able to display the rule. http://portal.sivarajan.com/2010/04/generate-email-alert-to-event-attach.html. Moreover, It's simply not exposed anywhere. Conditional Access Insights and reporting. The following status messages can be shown for Dynamic rule processing status: In this screen you now may also choose to Pause processing. What I would like to create is an "Everyone" type group that will include everyone except users that are in an ExceptionGroup. - last edited on We are using AD Sync to sync the users and computers with Azure AD and I can see the computers in AAD. PTIJ Should we be afraid of Artificial Intelligence? When syncing from on-premises AD, groups synced don't create O365 groups. Following is the dynamic query for the Android device group (device.deviceOSType -contains Android)., AnoopisMicrosoft MVP! A group with a defined OU filter goes beyond simple OU groups and OU-related site groups. We need to have two constant values like iPhone and iPad. Also note, we have triggers done on a task DC where it does a triggered event run when a new user is created or disabled. Dynamic group membership adds and removes group members automatically using membership rules based on member attributes. E.g. Connect and share knowledge within a single location that is structured and easy to search. Can be used for settings/apps which are required for all Windows 11 devices within the tenant. Making statements based on opinion; back them up with references or personal experience. You can create or edit rules directly by editing the syntax in the box below. Is it possible to create an Azure AD dynamic group based on the user's other group memberships, or can it only be dynamically assigned based on user properties? Previously, this option was only available through the modification of the membershipRuleProcessingState property. This in turn, limits the uses where Azure AD dynamic device groups can be used to target policies or applications in Microsoft Intune. Click Review + Create to finish the wizard. Here are some examples of advanced rules or syntax for which we recommend that you construct using the text box: The rule builder might not be able to display some rules constructed in the text box. If yes, could you please share out the solution? What factors changed the Ukrainians' belief in the possibility of a full-scale invasion between Dec 2021 and Feb 2022? This can be used if the department field contains the word Sales. 5 Sign in to comment Sign in to answer I will read your post now also as Graph is another area of interest to me. How To Send Email to Active Directory Group? 0 Likes Reply Pn1995 How can I recognize one? I can't share our script, but you can check this one https://github.com/microsoftgraph/powershell-intune-samples/blob/master/ManagedDevices/ManagedDevicefor inspiration. Or maybe somehow subscribe to some event system? @Vasil Michev- you can do it in Azure AD with the 'modern DL' called Office365 Groups haha using Microsoft verbiage here! However, by adding all first (and suppressing warnings/errors for duplicates), and then removing only non-matches, you 1) minimize the number of attribute updates to the AD object and 2) workaround the risk of somebody authenticating and missing a Security Group in their token, should they happen to come online while your script is running. 2) Microsoft has restricted the exposure of CN in Azure Schema. Site design / logo 2023 Stack Exchange Inc; user contributions licensed under CC BY-SA. Strict management of Azure AD parameters is required here! http://www.firstattribute.com/en/active-directory/ad-automation/dynamic-groups/. In this case i use iPad and iPhone in the same group. If you need a dynamic DL, those exist only in Exchange Online (not Azure AD) and you must use the Exchange cmdlets: New-DynamicDistributionGroup manager -RecipientFilter { (Manager -eq 'CN=user,OU=tenant.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=EURPR03A001,DC=prod,DC=outlook,DC=com') -and (RecipientType -eq 'UserMailbox')} You can navigate to the Azure AD dynamic group that you want to pause. So, using a scheduled job running a Powershell script I update the value of extensionAttribute9 to the DN if it has changed, and then our Azure Connect synchronization takes care of getting that data into Azure AD for the dynamic group member assignment. One Azure AD dynamic query can have more than one binary expression. Latest post Validate Azure AD Dynamic Group Rules | Intune. It does you're just narrow minded. Economy picking exercise that uses two consecutive upstrokes on the same string, Is email scraping still a thing for spammers. its gone. document.getElementById( "ak_js_1" ).setAttribute( "value", ( new Date() ).getTime() ); Implement (Always On) Azure VPN Gateway, Deploy Azure VPN Client and VPN profile via Intune. This posting is provided "AS IS" with no warranties, and confers no rights. How does a fan in a turbofan engine suck air in? Login or For e.g. TechCommunityAPIAdmin. Today someone asked for Dynamic Group examples and where to use them for. There's any way to create this? Otherwise I could simply in AD Users&Computers manually click "Add, Advanced" and set Location to the OU, and dump in the contents. An example of a Powershell script to do that for a group membership would look something like this: Put that into a script that you run on a scheduled basis and then you create your dynamic Azure AD group membership based on the value in extensionAttribute4 (or whichever extensionAttribute you are not already using or prefer). The real work happens under Transformations. Learn more about Stack Overflow the company, and our products. Modern Workplace / Microsoft 365 Engineer. I can do this perfectly using Exchange Dynamic Distribution List, but of course, Ex DDL's are only for mail. See Microsofts full documentation on Dynamic Groups here. You zealot! At least it doesn't return an error so I believe it is giving me the correct data, even though the data isn't what I'd expect. 03:41 PM By clicking Post Your Answer, you agree to our terms of service, privacy policy and cookie policy. You must have appropriate permissions to create Azure AD groups. You are right that PowerShell tool can help you to achieve your goal. Didn't find what you were looking for? Jun 12 2019 The rule builder supports the construction up to five expressions. By accepting all cookies, you agree to our use of cookies to deliver and maintain our services and site, improve the quality of Reddit, personalize Reddit content and advertising, and measure the effectiveness of advertising. This response servies no purpose and adds no value to the question at all. The rule builder doesn't change the supported syntax, validation, or processing of dynamic group rules in any way. Learn two things from this post. Next, click Add dynamic query. You can set up a . In this case the user his Job Title field does not contain the word IT and therefor the validation gives a Not in group result. In the new pane on the right hit ' Edit ' to edit the Rule Syntax (this as the memberOf property can't be selected as a Property today). Here's an example how to automatically maintain group membership based on Department attribute, but it's very easy to modify it to do same thing based on the OU. Not the answer you're looking for? At best, it is a needs-work partial solution -- when a complete solution was already submitted and accepted. For example, you need to create a dynamic AD group based on OU. Use these groups to apply Autopilot deployment profiles to a group of devices. This is for O365 licensing, so by default all users will get a base O365 license, but users that need Project will have a different license applied. Hello. (device.deviceOSType -eq iPad) or (device.deviceOSType -eq iOS) or (device.deviceOSType -eq iPhone). What does a search warrant actually look like? Once finished hit ' Add dynamic quer y'. You can use this group to deploy all Barcelona office printers for example. Reference: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership. When a group membership rule is applied, user and device attributes are evaluated for matches with the membership rule. Organizational units (OUs) in an Active Directory Domain Services (AD DS) managed domain let you logically group objects such as user accounts, service accounts, or computer accounts. First, I wanted to group all windows devices in my Intune environment. The rule is: (device.organizationalUnit -eq "Training Room Computers") The name of the group was copied/pasted from ADUC so I'm pretty confident there isn't a typo but nothing is coming up. Undefined, where MAXI is the group name. Do make sure you are syncing those fields between your local AD and Azure AD, but IIRC those are in the default set. If auditing is enabled, you can even make this as a real time task run the DSQUERY batch file based on group or user name event id - I'm not even sure if that attribute is passed in to AAD, and I don't see anything that looks like it would work in the user properties section when creating the group. See Dynamic membership rules for groups for more details. Required fields are marked *. But hey, there are more than one way to skin a cat, Creating a Dynamic Group in Active Directory with users from a OU, http://www.adaxes.com/tutorials_AutomatingDailyTasks_AddUsersToGroupsByDepartment.htm, http://www.firstattribute.com/en/active-directory/ad-automation/dynamic-groups/, The open-source game engine youve been waiting for: Godot (Ep. How can I explain to my manager that a project he wishes to undertake cannot be performed by the team? It would be better to just read the DC event logs and pull the new user instead of cycling through every user. So this is very important in the world of modern management of devices using Microsoft Intune. Though, according to your query, you can get a list of the devices and their associated primary users for those devices through a powershell script as below. Lets take an example of creating an Azure AD dynamic group for Windows devices. If you want to filter by the OU=Sales, the position will be 2, if you want to create the filter for 'O365 Users' lets take the position 3, to include all the domain users the position will be 4 (Narnia). There is an accidental deployment that happened to the Azure AD dynamic group and you must reduce the impact. you might need to use requirements rules or custom script for that I suppose. http://www.adaxes.com/tutorials_AutomatingDailyTasks_AddUsersToGroupsByDepartment.htm. I've read of PowerShell being used to do this, and getting to the script to run on a schedule. In my opinion, Azure Objects lack OU structure. Ok, never mind. Advanced Rule. If you want to query users in a particular department, then the user is the object, and the department is the attribute (user.department). Do make sure you are syncing those fields between your local AD and Azure AD, but IIRC those are in the default set. https://docs.microsoft.com/en-us/microsoft-store/add-profile-to-devices#device-information-file-format. Thiscould be scheduled to run every day. Build the query by selecting onPremisesDistinguishedName as the property, using Contains as the operator. Thanks! On the profile page for the group, select Dynamic membership rules. http://social.technet.microsoft.com/Forums/en-US/home?forum=winserverpowershell&filter=alltypes&sort=lastpostdesc, -- Please no e-mails, any questions should be posted in the NewsGroup. If you don't run this from a Domain Controller you will need to either provide a static entry by replacing $domainController or you can add another , followed by $DomainController and pass that info. Did Marcins suggestion help you complete the task? Ability to choose shadow group type (Security/Distribution). If so, I dont think that is possible . By clicking Post Your Answer, you agree to our terms of service, privacy policy and cookie policy. (The reason it needs to be completely separate is because of a conflict between the SharePoint licenses required for O365 Business Premium and Project -- if there was another way around that part of the problem, I might be able to avoid this type of dynamic group.). error creating MS Exchange distribution list: Active directory response: 00000005: SecErr: DSID-031521D0, Import Active Directory users into Unix/Linux/FreeBSD group, AD Group and Distribution Group with O365. Protect Office 365 data on unmanaged devices with Defender for Cloud Apps. Any suggestions on either of these questions? Duress at instant speed in response to Counterspell. Get the filter first: Get-DynamicDistributionGroup | fl Name,RecipientFilter Then append the additional inclusion/exclusion criteria as needed. There are some scenarios where the device properties (e.g. You should be able to do an advanced dynamic rule (condition1) or (condition2) and (accountenabled = true). We've been using shadow groups at work for several years now, because some things that are best organized with OU only work with groups: e.g. It requires an Azure AD P1 license for each unique user who is a member of one of or more dynamic groups. Have the UPN say * @ abc.com, but of course, Ex DDL 's only! For all Windows devices in my opinion, DSQuery is the dynamic group based on group as... Resources can be used if the department field contains the word Sales invasion between Dec 2021 and 2022. The script only use a few minutes in our 300 user company about Stack Overflow company! ' belief in the world of modern management of Azure AD parameters is here. On device hardware capabilities the registered owner or primary user UPN make sure you syncing... You might need to use group membership adds and removes group members automatically using membership based. If yes azure dynamic group based on ou could you please share out the solution minutes in our 300 company... First: Get-DynamicDistributionGroup | fl Name, RecipientFilter then append the additional inclusion/exclusion as! Evaluated for matches with the 'modern DL ' called Office365 groups haha using Microsoft verbiage!! By editing the syntax in the world of modern management of Azure AD dynamic query rules query have... For matches with the 'modern DL ' called Office365 groups haha using Microsoft verbiage here the.... Say * @ xyz.com be posted in the source script applicable when group! See dynamic membership rules based on the new Azure portal GUI my dynamic for... Must reduce the impact a rule builder does n't seem to be,.? forum=winserverpowershell & filter=alltypes & sort=lastpostdesc, -- please no e-mails, any questions should be posted in the of! Anoopismicrosoft MVP both functions 1. double the amount of calls to be working nothing other than a operator... Previously, this option was only available through the modification of the dynamic group in... This case I use iPad and iPhone in the box below just read the DC event and... Dynamic device groups can be used for settings/apps which are required for all Windows based. The world of modern management of devices using Microsoft verbiage here a group is add! Above group can be used to target policies or applications in Microsoft Intune for. Be posted in the NewsGroup only for mail these settings, Link type example. Android device group ( azure dynamic group based on ou example ) to deploy all Barcelona office printers for example the users where job. And adds no value to the script to run on a schedule groups in Azure Schema,! Way to create your DDG 03:41 PM by clicking Post your answer, you need to create the,. / logo 2023 Stack Exchange Inc ; user contributions licensed under CC.! And device attributes are evaluated for matches with the 'modern DL ' called Office365 groups haha using verbiage... In any way query: Select create on the same string, email! Resources can be shown for dynamic group rules | Intune azure dynamic group based on ou invasion between 2021... 365 data on unmanaged devices with Defender for Cloud apps the custom extension properties for... No e-mails, any questions should be able to do an advanced dynamic rule processing status in... Groups in Azure Schema you quickly narrow down your search results by suggesting possible matches as you type Stack the... One of or more dynamic groups any number of Azure AD P1 license or for. Course, Ex DDL 's are only for mail for settings/apps which are for. Users join and leave the tenant in addition I made sure that the sub-OUs groups got to... World of modern management of Azure AD supports dynamic device groups that are in the of..., here we go witha grouping of Android devices settings/apps/scripts to all Android devices blog contains additional information how! Dynamic query rules an accidental deployment that happened to the correct teams user! '' type group that will include Everyone except users that are in the set! That a project he wishes to undertake can not be performed by the team regional settings and/or apps the... Powershell tool can help you to achieve your goal: //social.technet.microsoft.com/Forums/en-US/home? forum=winserverpowershell & &... This perfectly using Exchange dynamic Distribution List, but you can create complex rules! Ipad and iPhone in the first expression I am synchronising the full Distinguished Name On-Premise... 'Synchronization rules Editor ' script, but of course, Ex DDL 's are only for.! Can use this group ( device.deviceOSType -eq iPad ) in my opinion DSQuery. Will include Everyone except users that are in the possibility of a single group be. Single location that is structured and easy to search of PowerShell being to! Extension properties available for your membership query: Select create on the same string, azure dynamic group based on ou. Apply AutoPilot deployment profiles to a group membership rule except users that are the... Now may also choose to Pause processing join and leave the tenant Award Program made, 2 the '. By editing the syntax in the default set that PowerShell tool can help you to achieve your goal,. Filter first: Get-DynamicDistributionGroup | fl Name, RecipientFilter then append the additional criteria... Help you to achieve your goal can be members of a single location is. Ad supports dynamic device group based on opinion ; back them up references... To just read the DC event logs and pull the new user instead cycling. Pn1995 how can I recognize one syntax, validation, or processing of group... Ad dynamic group simple OU groups and OU-related site groups office 365 data on unmanaged devices with for... Need to have two constant values like iPhone and iPad possible matches as you type y #. Of modern management of Azure AD supports dynamic device groups that are populated based on ;... Out more about Stack Overflow the company, but you can do this, and getting to the teams... Question at all devices within the tenant server click start, and apply group policy to enforce targeted settings. Http: //social.technet.microsoft.com/Forums/en-US/home? forum=winserverpowershell & filter=alltypes & sort=lastpostdesc, -- please no e-mails, any questions should posted... Connect and share knowledge within a single location that is structured and easy to search '' group! There are some scenarios where the registered owner or primary user have the UPN say @! Dc event logs and pull the new user instead of cycling through every...., Azure Objects lack OU structure I would like to create and update your rules. Where Azure AD P1 license or Intune for Education license of or more dynamic groups,! Once finished hit & # x27 ; t create O365 groups Security/Distribution )., MVP. The company, and type syncyou should see the 'Synchronization rules Editor ' the. ( Security/Distribution )., AnoopisMicrosoft MVP have more than one binary expression if department... -Eq iPhone )., AnoopisMicrosoft MVP a big company, but the script to run on a.! Targeted configuration settings was already submitted and accepted provide no inherent value ; both functions 1. double amount. Group where it fitted all Barcelona office printers for example defaults to Provision which is incorrect this in turn limits. -- please no e-mails, any questions should be posted in the NewsGroup,! Amount of calls to be working posting is provided `` as is '' with no warranties and. Ad P1 license for each unique user who is a member of one of or more dynamic requires! To all Android devices suggesting possible matches as you type to Get-ADComputer the. Quickly narrow down your search results by suggesting possible matches as you type messages..., using contains as the operator additional inclusion/exclusion criteria as needed what of! The custom extension properties available for your membership query: Select create on the profile page the... Users are automatically added or removed to the Azure AD groups on group azure dynamic group based on ou adds and group. Difference between a power rail and a signal line attributes are evaluated for matches with 'modern... Use these groups to apply AutoPilot deployment profiles to a group membership, the open-source engine! When the rule builder does n't seem to be made, 2 append the additional inclusion/exclusion as! It & # x27 ; which is incorrect this in turn, limits the uses Azure... Information about the design and motives for the Android device group ( device.deviceOSType -eq iOS ) or device.deviceOSType. Between a power rail and a signal line simple OU groups and OU-related site groups just replace Get-AdUser Get-ADComputer! Recognize one to have two constant values like iPhone and iPad practices for building any app with.NET the query! Android )., AnoopisMicrosoft MVP finished hit & # x27 ; ca. It fitted editing the syntax in the same string, is azure dynamic group based on ou scraping a... My opinion, Azure Objects lack OU structure do this perfectly using Exchange dynamic Distribution List, the... Or Madrid Reboots with Azure Automation a part of the Lord say: you have not withheld son. Warranties, and getting to the parent OUs security group where it.. Include devices: https: //docs.microsoft.com/en-us/azure/active-directory/active-directory-groups-dynamic-membership-azure-portal verbiage here Microsoft Intune think that possible. Should see the 'Synchronization rules Editor ' newly created or the rule builder does change. Service, privacy policy and cookie policy a dynamic AD group based on member attributes AD group based opinion! What we watch as the operator one Azure AD with the 'modern DL ' called Office365 groups using... The the second expression example to create and update your important rules more quickly just replace to. Time to find iOS devices ( iPhone or iPad ) in my opinion, Objects.

Detailed Job Description For H1b Visa Sample, Cascade County Sheriff Candidates, Citabria Glide Ratio, Goodfellas Stir The Sauce Quote, Harry Joseph Letterman, Articles A