Azure Powershell - Add User to Group, filtered by license-CodePudding

Been trying to create a Powershell script to achieve the following.

Check which users have a specific license assigned
assign these users to a specific security group.

Get-MsolUser | Where-Object {($_.licenses).AccountSkuId -match "DEVELOPERPACK_E5"} | Add-AzureADGroupMember -ObjectID c1ec272d-e0d2-496c-ba65-602e7d822c75

The first part of the script runs okay Get-MsolUser | Where-Object {($_.licenses).AccountSkuId -match "DEVELOPERPACK_E5"} which returns the users that have the license, however when trying to pipe results to "AddAzureADGroupMember" an error occurs.`

Error:

At line:1 char:1
  Get-MsolUser | Where-Object {($_.licenses).AccountSkuId -match "DEVEL ...
  ~~~~~~~~~~~~
      CategoryInfo          : NotSpecified: (Microsoft.Onlin...omation.GetUser:GetUser) [Get-MsolUser], PipelineStoppedException
      FullyQualifiedErrorId : System.Management.Automation.PipelineStoppedException: The pipeline has been stopped.
   at System.Management.Automation.CommandProcessor.ProcessRecord()
   at System.Management.Automation.CommandProcessorBase.DoExecute()
   at System.Management.Automation.Internal.Pipe.AddToPipe(Object obj)
   at System.Management.Automation.Internal.Pipe.AddItems(Object objects)
   at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
   at System.Management.Automation.MshCommandRuntime.WriteObject(Object sendToPipeline, Boolean enumerateCollection)
   at System.Management.Automation.Cmdlet.WriteObject(Object sendToPipeline, Boolean enumerateCollection)
       at Microsoft.Online.Administration.Automation.MsolCmdlet.ProcessList(SearchDefinition searchDefinition, Int32 maxResultsSize) in X:\bt\1067178\repo\src\dev\PowerShell.V1\modules\psmodule\Cmdlets\MsolCmdlet.cs:line 372,Microsoft.Online.Administration.Automation.G
   etUser

Add-AzureADGroupMember : Error occurred while executing AddGroupMember
Code: Request_BadRequest
Message: Invalid object identifier 'Microsoft.Online.Administration.User'.
RequestId: be0ee2c5-44e0-41f3-a9e2-f8396980cf6b
DateTimeStamp: Fri, 22 Oct 2021 10:37:21 GMT
HttpStatusCode: BadRequest
HttpStatusDescription: Bad Request
HttpResponseStatus: Completed
At line:1 char:86
  ... PACK_E5"} | Add-AzureADGroupMember -ObjectId c1ec272d-e0d2-496c-ba65- ...
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      CategoryInfo          : NotSpecified: (:) [Add-AzureADGroupMember], ApiException
      FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.AddGroupMember```

CodePudding user response：

The reason you are getting the error is you are not using the refobjectiD . You can try to use the below cmdlt with foreach to achieve your requirement

Get-AzureADUser | Where-Object {($_.AssignedLicenses).SkuId -match "*******"} | ForEach-Object { Add-AzureADGroupMember -ObjectID ****** -RefObjectId $_.ObjectId}

Here is my output screenshots:

CodePudding user response：

Managed to get this done with below, appreciate all help with this.

$Users = (Get-MsolUser | Where-Object {($_.licenses).AccountSkuId -match "DEVELOPERPACK_E5"}) | select -expand ObjectId

foreach ($User in $Users) {
Add-AzureADGroupMember -ObjectId 'c1eXXX2d-XXX2-496c-ba65-6XXXXXXXX5' -RefObjectId ($user)
}