Been trying to create a Powershell script to achieve the following.
- Check which users have a specific license assigned
- assign these users to a specific security group.
Get-MsolUser | Where-Object {($_.licenses).AccountSkuId -match "DEVELOPERPACK_E5"} | Add-AzureADGroupMember -ObjectID c1ec272d-e0d2-496c-ba65-602e7d822c75
The first part of the script runs okay Get-MsolUser | Where-Object {($_.licenses).AccountSkuId -match "DEVELOPERPACK_E5"}
which returns the users that have the license, however when trying to pipe results to "AddAzureADGroupMember" an error occurs.`
Error:
At line:1 char:1
Get-MsolUser | Where-Object {($_.licenses).AccountSkuId -match "DEVEL ...
~~~~~~~~~~~~
CategoryInfo : NotSpecified: (Microsoft.Onlin...omation.GetUser:GetUser) [Get-MsolUser], PipelineStoppedException
FullyQualifiedErrorId : System.Management.Automation.PipelineStoppedException: The pipeline has been stopped.
at System.Management.Automation.CommandProcessor.ProcessRecord()
at System.Management.Automation.CommandProcessorBase.DoExecute()
at System.Management.Automation.Internal.Pipe.AddToPipe(Object obj)
at System.Management.Automation.Internal.Pipe.AddItems(Object objects)
at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
at System.Management.Automation.MshCommandRuntime.WriteObject(Object sendToPipeline, Boolean enumerateCollection)
at System.Management.Automation.Cmdlet.WriteObject(Object sendToPipeline, Boolean enumerateCollection)
at Microsoft.Online.Administration.Automation.MsolCmdlet.ProcessList(SearchDefinition searchDefinition, Int32 maxResultsSize) in X:\bt\1067178\repo\src\dev\PowerShell.V1\modules\psmodule\Cmdlets\MsolCmdlet.cs:line 372,Microsoft.Online.Administration.Automation.G
etUser
Add-AzureADGroupMember : Error occurred while executing AddGroupMember
Code: Request_BadRequest
Message: Invalid object identifier 'Microsoft.Online.Administration.User'.
RequestId: be0ee2c5-44e0-41f3-a9e2-f8396980cf6b
DateTimeStamp: Fri, 22 Oct 2021 10:37:21 GMT
HttpStatusCode: BadRequest
HttpStatusDescription: Bad Request
HttpResponseStatus: Completed
At line:1 char:86
... PACK_E5"} | Add-AzureADGroupMember -ObjectId c1ec272d-e0d2-496c-ba65- ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CategoryInfo : NotSpecified: (:) [Add-AzureADGroupMember], ApiException
FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.AddGroupMember```
CodePudding user response:
The reason you are getting the error is you are not using the refobjectiD
.
You can try to use the below cmdlt
with foreach
to achieve your requirement
Get-AzureADUser | Where-Object {($_.AssignedLicenses).SkuId -match "*******"} | ForEach-Object { Add-AzureADGroupMember -ObjectID ****** -RefObjectId $_.ObjectId}
Here is my output screenshots:
CodePudding user response:
Managed to get this done with below, appreciate all help with this.
$Users = (Get-MsolUser | Where-Object {($_.licenses).AccountSkuId -match "DEVELOPERPACK_E5"}) | select -expand ObjectId
foreach ($User in $Users) {
Add-AzureADGroupMember -ObjectId 'c1eXXX2d-XXX2-496c-ba65-6XXXXXXXX5' -RefObjectId ($user)
}