Add Azure AD users to Azure AD groups

Time:06-29

I would like to know how to add Azure AD users to Azure AD groups. To do this, I would like the script to validate whether the group exists. If so, check whether the user is already a member of the group. If not, add the user to the group. The problem I have is that I can't figure out what I'm doing wrong in the catch/else part. It appears twice when the group does not exist. Can you help me?

Connect-AzureAD

### Azure AD Users ###
$Users = @"
UPN
[email protected]
[email protected]
"@ | ConvertFrom-Csv -Delimiter ','

### Azure AD GROUP ###
$Groups = @"
Group
test-lab
test-dev
test-prod
"@ | ConvertFrom-Csv -Delimiter ','

foreach ($user in $Users) {
    $AzureADUser = Get-AzureADUser -Filter "UserPrincipalName eq '$($user.UPN.Trim())'"
    if ($AzureADUser -ne $null) {
        # The try block wraps the whole group loop: the first group that does not resolve
        # throws out of the loop, the catch below runs once per user, and the remaining
        # groups for that user are never processed.
        try {
            foreach ($group in $Groups) {
                $AzureADGroup = Get-AzureADGroup -Filter "DisplayName eq '$($group.Group.Trim())'"
                # $AzureADGroup is $null when the group does not exist, so this call throws
                $isUserMemberOfGroup = Get-AzureADGroupMember -ObjectId $AzureADGroup.ObjectId -All $true |
                    Where-Object { $_.UserPrincipalName -like "*$($AzureADUser.UserPrincipalName)*" }

                if ($isUserMemberOfGroup -ne $null) {
                    Write-Host "$($user.UPN) is already a member of Azure AD Group: $($group.Group.Trim())." -ForegroundColor Green
                }

                if ($isUserMemberOfGroup -eq $null) {
                    Add-AzureADGroupMember -ObjectId $AzureADGroup.ObjectId -RefObjectId $AzureADUser.ObjectId
                    Write-Host "$($user.UPN) added to Azure AD group: $($group.Group.Trim())." -ForegroundColor Green
                }
            }
        }
        catch { ### warning error if group doesn't exist ###
            Write-Warning " Azure AD Group $($group.Group.Trim()) doesn't exist."
        }
    }
    else { ### Write Warning error if user doesn't exist ###
        $message = " $($user.UPN) doesn't exist"
        Write-Warning "$message"
    }
}

CodePudding user response:

Here is how I would approach the task; I hope the inline comments help you understand the logic.

# $users and $groups are the CSV objects from the question's script,
# and Connect-AzureAD has already been run.

# resolve every user first, dropping the ones that don't exist
$azUsers = foreach($user in $users) {
    $azUser = Get-AzureADUser -Filter "UserPrincipalName eq '$($user.UPN.Trim())'"
    if(-not $azUser) {
        Write-Warning ("'{0}' couldn't be found, excluding it." -f $user.UPN)
        continue
    }
    $azUser
}

# kill the script here
if(-not $azUsers) { throw 'No users could be found. Halting.' }

foreach($group in $groups) {
    $azGroup = Get-AzureADGroup -Filter "DisplayName eq '$($group.Group.Trim())'"
    if(-not $azGroup) {
        Write-Warning ("'{0}' couldn't be found, skipping it." -f $group.Group)
        continue
    }
    # this will help getting unique membership and
    # knowing if the user to be added is already a member
    $hash = [Collections.Generic.Hashset[guid]]::new()
    $membership = (Get-AzureADGroupMember -ObjectId $azGroup.ObjectId -All $true).ObjectId
    foreach($member in $membership) {
        $null = $hash.Add($member)
    }

    # $azUsers holds AzureAD user objects, so use .UserPrincipalName (there is no .UPN property)
    foreach($user in $azUsers) {
        # if the user is not a member (Add returns $true when the id was not in the set)
        if($hash.Add($user.ObjectId)) {
            # add it
            Add-AzureADGroupMember -ObjectId $azGroup.ObjectId -RefObjectId $user.ObjectId
            # display the OK message
            Write-Host "$($user.UserPrincipalName) added to Azure AD group: $($group.Group.Trim())." -ForegroundColor Green
            # and go to next user
            continue
        }

        # if we're here we assume the user was already a member so
        Write-Host "$($user.UserPrincipalName) is already a member of Azure AD Group: $($group.Group.Trim())." -ForegroundColor Yellow
    }
}
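The following is an added example and is not code from the question or the answer above. It keeps the answer's structure (resolve users once, one membership read per group, compare ObjectIds rather than display strings) and adds the checks a practitioner would want before running this against a tenant: the UPN and group name come from a CSV, so they are escaped before being interpolated into the OData -Filter string (a value containing a single quote would otherwise break or alter the filter); group display names are not unique in Azure AD, so an ambiguous name is skipped instead of guessed; and because adding someone to a group is a privilege grant, the change is gated on ShouldProcess so that -WhatIf and -Confirm work. It assumes the AzureAD module is loaded and Connect-AzureAD has been run; the function names ConvertTo-ODataLiteral and Sync-AzureADGroupMembership and the UPNs in the usage line are made up for this example. Note that Microsoft has deprecated the AzureAD module in favour of Microsoft Graph PowerShell; the same pattern applies there with Get-MgUser, Get-MgGroup and New-MgGroupMember.

```powershell
# Added example, not part of the original question or answer.
# Assumes the AzureAD module is loaded and Connect-AzureAD has already been run.
# Function names below are hypothetical.

function ConvertTo-ODataLiteral {
    # Escape a value for use inside single quotes in an OData $filter.
    # A UPN such as o'brien@contoso.com would otherwise terminate the literal early,
    # and a crafted CSV value could change the filter instead of just failing it.
    param([Parameter(Mandatory)][string]$Value)
    return $Value.Trim().Replace("'", "''")
}

function Sync-AzureADGroupMembership {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string[]]$UserPrincipalName,
        [Parameter(Mandatory)][string[]]$GroupDisplayName
    )

    # Resolve every user once, up front; warn on and skip anything that does not resolve.
    $users = foreach ($upn in $UserPrincipalName) {
        if ($upn -notmatch '^[^@\s]+@[^@\s]+$') {
            Write-Warning "'$upn' is not a valid UPN, skipping."
            continue
        }
        $u = Get-AzureADUser -Filter "UserPrincipalName eq '$(ConvertTo-ODataLiteral $upn)'"
        if (-not $u) { Write-Warning "'$upn' not found, skipping."; continue }
        $u
    }
    if (-not $users) { throw 'No users resolved; nothing to do.' }

    foreach ($name in $GroupDisplayName) {
        # DisplayName is not unique in Azure AD: refuse to guess when several groups match.
        $found = @(Get-AzureADGroup -Filter "DisplayName eq '$(ConvertTo-ODataLiteral $name)'")
        if ($found.Count -eq 0) { Write-Warning "Group '$name' not found, skipping."; continue }
        if ($found.Count -gt 1) { Write-Warning "Group '$name' is ambiguous ($($found.Count) matches), skipping."; continue }
        $group = $found[0]

        # One membership read per group; membership is decided on ObjectId, never on a -like match.
        $members = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
        foreach ($m in (Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true)) {
            $null = $members.Add($m.ObjectId)
        }

        foreach ($user in $users) {
            if ($members.Contains($user.ObjectId)) {
                Write-Verbose "$($user.UserPrincipalName) is already a member of '$($group.DisplayName)'."
                continue
            }
            # Group membership is a privilege grant: gate it on ShouldProcess so
            # -WhatIf previews the change and -Confirm prompts for it.
            if ($PSCmdlet.ShouldProcess("$($user.UserPrincipalName) -> $($group.DisplayName)", 'Add-AzureADGroupMember')) {
                Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $user.ObjectId
                # Emit a record of each change so the run can be logged or reviewed.
                [pscustomobject]@{ User = $user.UserPrincipalName; Group = $group.DisplayName; Action = 'Added' }
            }
        }
    }
}

# Usage (constructed sample input): dry run first, then re-run without -WhatIf to apply.
# Sync-AzureADGroupMembership -UserPrincipalName 'alice@contoso.com','bob@contoso.com' `
#     -GroupDisplayName 'test-lab','test-dev','test-prod' -WhatIf -Verbose
```

Run it with -WhatIf first and read the "What if:" lines before applying; the objects it emits on a real run can be piped to Export-Csv to keep a record of who was added to which group.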