How to create Dynamic membership rules for groups in Azure Active Directory from powershell

Time:12-01

Does somebody know if it is possible to create dynamic membership rules for groups in Azure Active Directory from PowerShell instead of going through the “Rule builder” in the Azure portal?

Thank you

CodePudding user response:

I tried to reproduce this in my environment, creating dynamic membership rules for groups in Azure Active Directory from PowerShell.

I tried the script below to create dynamic membership rules for groups in Azure Active Directory from PowerShell.

You can get the administrative unit's Object ID as shown below

AzurePortal>Administrative units>Select your Administrative Unit>Properties (Preview)

(https://i.imgur.com/P7bTMmt.png)

You can get the group's Object ID as shown below

AzurePortal>Azure Active Directory>Groups>Select your Group>

(https://i.imgur.com/vfg9G1U.png)

#Install Azure AD Module
 
Install-Module -Name AzureADPreview

#Connect to Azure Account

Connect-AzureAD

#Get AzureADMSAdministrativeUnit Details

Get-AzureADMSAdministrativeUnit -Id <AzureADMSAdministrativeUnitObjectID>

#Create Dynamic membership rules on an Existing AzureADMSAdministrativeUnit

Set-AzureADMSAdministrativeUnit -Id <AzureADMSAdministrativeUnitObjectID> -MembershipRule '(user.Department -eq "HR") -or (user.usageLocation -eq "India")'

#Get Azure AD Group details

Get-AzureADMSGroup -id <AzureADMSGroupobjectID>

#Create Dynamic membership rules to AzureAD group

Set-AzureADMSGroup -id <AzureADMSGroupobjectID> -MembershipRule '(user.Department -eq "IT") -or (user.usageLocation -eq "Canada")'

#Create New group with Dynamic Membership rule

New-AzureADMSGroup -DisplayName "Dynamic Group 01" -Description "Dynamic group created from PS" -MailEnabled $False -MailNickName "group" -SecurityEnabled $True -GroupTypes "DynamicMembership" -MembershipRule "(user.department -contains ""Marketing"")" -MembershipRuleProcessingState "On"

(https://i.imgur.com/P757RtM.png)

Finally, the group was created with the dynamic membership rule

(https://i.imgur.com/C8GHyNS.png)

CodePudding user response:

Thank you for your detailed answer with the captures. I tried it but it does not work.

  1. I installed the modules in PowerShell:

Install-Module -Name AzureAD
Install-Module -Name AzureADPreview

Import-Module AzureAD
Import-Module AzureADPreview

Get-Module -Name AzureADPreview

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Binary     2.0.2.129  AzureADPreview                      {Add-

  2. Created the group

New-AzureADMSGroup -DisplayName "GR-TEST-01" -MailEnabled $false -SecurityEnabled $true -MailNickName "group"

  3. Created the dynamic rule

Set-AzureADMSGroup -id 50114fb2-3c4d-4e65-95d4-5f8a7fa01d1e -MembershipRule '(user.userType -eq "Member") and (user.mailNickname -contains ".")'

But when I check in the Azure portal, the dynamic rule has not been created; the membership type is "Assigned", not "Dynamic Device".

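An added example, not part of either post above and not Microsoft's code: a group is treated as dynamic only when its GroupTypes contains "DynamicMembership" and rule processing is "On", and logical operators inside a rule take a leading hyphen (-and, -or). The sketch below converts an existing assigned group and reads the result back; it assumes the AzureADPreview module and an active Connect-AzureAD session, and the function names Test-MembershipRuleOperators and Convert-GroupToDynamic are hypothetical.

```powershell
# Added example. Requires AzureADPreview and a prior Connect-AzureAD.

function Test-MembershipRuleOperators {
    # Hypothetical helper: returns $false when two clauses are joined by a bare
    # 'and' / 'or', e.g. ') and (' instead of ') -and ('.
    param([Parameter(Mandatory)][string]$Rule)
    return -not ($Rule -match '\)\s+(and|or)\s+\(')
}

function Convert-GroupToDynamic {
    # Hypothetical helper: switches an assigned group to dynamic membership.
    param(
        [Parameter(Mandatory)][string]$GroupId,
        [Parameter(Mandatory)][string]$Rule
    )

    if (-not (Test-MembershipRuleOperators -Rule $Rule)) {
        throw "Rule joins clauses with 'and'/'or' without a leading hyphen: $Rule"
    }

    $group = Get-AzureADMSGroup -Id $GroupId

    # Keep the types the group already has (for example "Unified") and add
    # "DynamicMembership" if it is missing.
    $types = @($group.GroupTypes | Where-Object { $_ })
    if ($types -notcontains 'DynamicMembership') {
        $types += 'DynamicMembership'
    }

    # Set the type, the rule and the processing state in one call.
    Set-AzureADMSGroup -Id $GroupId `
        -GroupTypes $types `
        -MembershipRule $Rule `
        -MembershipRuleProcessingState 'On'

    # Read the group back so the change can be checked without the portal.
    Get-AzureADMSGroup -Id $GroupId |
        Select-Object DisplayName, GroupTypes, MembershipRule, MembershipRuleProcessingState
}

# Usage (placeholder ID, constructed rule):
# Convert-GroupToDynamic -GroupId '<AzureADMSGroupobjectID>' `
#     -Rule '(user.userType -eq "Member") -and (user.mailNickname -contains ".")'
```

Because membership in a dynamic group follows user attributes, review who can edit the attributes named in the rule before using the group to grant access.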
