How do I check whether a device is already in an Azure group (Powershell)

Time:09-30

I'm trying to find a way to see whether an Azure-enrolled device is a member of an Azure group.

The functionality I am aiming for is:

  1. Enter device Object ID
  2. Get all the Azure AD groups
  3. Get the target device using 'Get-AzureADDevice'
  4. Loop through a collection of groups and check if each group contains the device
  5. If the device isn't in a group, add the device to the group. Otherwise skip.

Here is a snippet of my code so far:

$DeviceOID = Read-Host "Enter device's Object ID "

#Get All Azure AD Groups
$AzureGroups = Get-AzureADGroup -All:$true| Sort DisplayName
   
$Collection = @("Group1", "Group2", "Group3")

$targetDevice = Get-AzureADDevice -ObjectId $DeviceOID

#loop through and add the device to each group
foreach ($Item in $Collection)
{
    $GroupOID = ($AzureGroups | Where {$_.DisplayName -eq $Item}).ObjectID

    $GroupMembers = Get-AzureADGroupMember -ObjectId $GroupOID -All $true

    if ($GroupMembers -contains $targetDevice) {
        Write-Output "Device already in $Item"
    } else {
        Add-AzureADGroupMember -ObjectID $GroupOID -RefObjectID $DeviceOID
    }
}

The problem I am running into is that although the device is indeed in all 3 groups, the script is not recognising this and is still trying to add the device into said groups:

Add-AzureADGroupMember : Error occurred while executing AddGroupMember
Code: Request_BadRequest
Message: One or more added object references already exist for the following modified properties: 'members'.

CodePudding user response:

I tried to reproduce the same in my environment and it worked successfully.

When I tried to use your cmdlet, my device was added to the Azure group successfully, as below.


When I tried to check whether my device already exists in the Azure group, I got the same error as below.


To resolve this issue, try removing the Sort (the term 'Sort' is not recognized as the name of a cmdlet), and I agree with guiwhatsthat that you need to use ($GroupMembers.ObjectId -contains $targetDevice.ObjectId) in the if statement, as below.

$DeviceOID = Read-Host "Enter device's Object ID "

#Get All Azure AD Groups
$AzureGroups = Get-AzureADGroup -All:$true
   
$Collection = @("Group1", "Group2", "TestGroup")

$targetDevice = Get-AzureADDevice -ObjectId $DeviceOID

#loop through and add the device to each group
foreach ($Item in $Collection)
{
    $GroupOID = ($AzureGroups | Where {$_.DisplayName -eq $Item}).ObjectID

    $GroupMembers = Get-AzureADGroupMember -ObjectId $GroupOID -All $true

    if ($GroupMembers.ObjectId -contains $targetDevice.ObjectId) {
        Write-Output "Device already in $Item"
    } else {
        Add-AzureADGroupMember -ObjectID $GroupOID -RefObjectID $DeviceOID
    }
}

Output:

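The same membership check wrapped in a reusable function, as an added example that is not part of the question or the answer above. The function name Add-DeviceToGroupIfMissing is hypothetical; it uses only the AzureAD cmdlets already shown, compares ObjectId strings instead of objects, refuses to guess when a DisplayName is missing or ambiguous, and supports -WhatIf so the add can be rehearsed first.

```powershell
function Add-DeviceToGroupIfMissing {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$DeviceObjectId,
        [Parameter(Mandatory)][string[]]$GroupDisplayName
    )

    # Fail early if the device does not exist; Get-AzureADDevice throws on an unknown ObjectId.
    $device = Get-AzureADDevice -ObjectId $DeviceObjectId -ErrorAction Stop

    # One directory read for all groups, then resolve each name locally.
    $allGroups = Get-AzureADGroup -All $true

    foreach ($name in $GroupDisplayName) {
        $candidates = @($allGroups | Where-Object { $_.DisplayName -eq $name })
        if ($candidates.Count -ne 1) {
            # DisplayName is not unique in Azure AD; do not guess which group was meant.
            Write-Warning "Expected exactly one group named '$name', found $($candidates.Count); skipping."
            continue
        }
        $group = $candidates[0]

        # Compare ObjectId strings, not member objects: -contains on the objects returned by
        # Get-AzureADGroupMember tests reference equality and never matches a separately
        # fetched device, which is why the original script always tried to add it again.
        $memberIds = @(Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true).ObjectId
        if ($memberIds -contains $device.ObjectId) {
            Write-Output "Device $($device.DisplayName) already in $name"
            continue
        }

        if ($PSCmdlet.ShouldProcess($name, "Add device $($device.DisplayName)")) {
            try {
                Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $device.ObjectId
                Write-Output "Added device $($device.DisplayName) to $name"
            } catch {
                # Covers the case where membership changed between the check and the add,
                # which surfaces as the Request_BadRequest error seen in the question.
                Write-Warning "Could not add device to '$name': $($_.Exception.Message)"
            }
        }
    }
}

# Usage (run Connect-AzureAD first); drop -WhatIf to perform the adds:
# Add-DeviceToGroupIfMissing -DeviceObjectId (Read-Host "Enter device's Object ID") `
#     -GroupDisplayName Group1, Group2, Group3 -WhatIf
```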
