How to check if Azure AD User exist?

Time:08-12

I have a script that copies Azure AD groups from one user to another. The issue I have is that I can't validate whether the source or target user exists. Can you help me with this?

# Azure AD sign-in
Connect-AzureAD

# enter UPN of the first user
$user1 = Read-host "Enter username to copy from: "

# enter UPN of the second user
$user2  = Read-host "Enter username to copy to: " 

# Get ObjectId based on username of user to copy from and user to copy to
$user1Obj = Get-AzureADUser -ObjectID $user1
$user2Obj = Get-AzureADUser -ObjectID $user2


#Get the Source and Target users
$SourceUser = Get-AzureADUser -Filter { UserPrincipalName -eq $user1 }
$TargetUser = Get-AzureADUser -Filter { UserPrincipalName -eq $user2 }


$membershipGroups1 = Get-AzureADUserMembership -All $true -ObjectId $user1Obj.ObjectId
$membershipGroups2 = Get-AzureADUserMembership -All $true -ObjectId $user2Obj.ObjectId | Select-Object -ExpandProperty 'DisplayName'

If($Null -ne $SourceUser -and $Null -ne $TargetUser)
{

foreach ($group in $membershipGroups) 
{
    if ($group.DisplayName -notin $membershipGroups2) { 
        Write-Host "[!] - Adding" $user2Obj.UserPrincipalName " to " $group.DisplayName '... ' -ForegroundColor Yellow
        Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $user2Obj.ObjectId
    }
    else {
        Write-Host "User is already memberof $($group.Displayname)" -ForegroundColor 'Green'
    }

        $date = get-date -format g
        Write-Host "[$date] : Source or Target user is invalid!" -ForegroundColor Red
       }
}
Write-Host "Done!"

CodePudding user response:

Rewritten as explained in my comment. Also removed the entire $SourceUser and $TargetUser references since I don't see the purpose for those.

# Azure AD sign-in
Connect-AzureAD

# enter UPN of the first user
$user1 = Read-Host "Enter username to copy from: "

# enter UPN of the second user
$user2 = Read-Host "Enter username to copy to: "

# Get ObjectId based on username of user to copy from and user to copy to.
# -ErrorAction SilentlyContinue makes a non-existent user come back as $null
# instead of raising an error, so the $Null check below actually works.
$user1Obj = Get-AzureADUser -ObjectId $user1 -ErrorAction SilentlyContinue
$user2Obj = Get-AzureADUser -ObjectId $user2 -ErrorAction SilentlyContinue

If($Null -ne $user1Obj -and $Null -ne $user2Obj)
{
    # Only look up memberships once both users are known to exist
    $membershipGroups1 = Get-AzureADUserMembership -All $true -ObjectId $user1Obj.ObjectId
    $membershipGroups2 = Get-AzureADUserMembership -All $true -ObjectId $user2Obj.ObjectId | Select-Object -ExpandProperty 'DisplayName'

    foreach ($group in $membershipGroups1)
    {
        if ($group.DisplayName -notin $membershipGroups2) {
            Write-Host "[!] - Adding" $user2Obj.UserPrincipalName " to " $group.DisplayName '... ' -ForegroundColor Yellow
            # Uncomment to actually add the membership (left commented for a dry run)
            # Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $user2Obj.ObjectId
        }
        else {
            Write-Host "User is already member of $($group.DisplayName)" -ForegroundColor 'Green'
        }
    }
}
else {
    $date = Get-Date -Format g
    Write-Host "[$date] : Source or Target user is invalid!" -ForegroundColor Red
}
Write-Host "Done!"

You might also try using a try-catch block earlier in the script.

try {
    # -ErrorAction Stop turns the "user does not exist" error into a terminating
    # error, so it is guaranteed to land in the catch block
    $user1Obj = Get-AzureADUser -ObjectId $user1 -ErrorAction Stop
    $user2Obj = Get-AzureADUser -ObjectId $user2 -ErrorAction Stop
}
catch {
    $date = Get-Date -Format g
    Write-Host "[$date] : Source or Target user is invalid!" -ForegroundColor Red
}

CodePudding user response:

I went this way and it works fine. Thanks for all your answers.

# Azure AD sign-in
Connect-AzureAD

# enter UPN of the first user
$user1 = Read-Host "Enter username to copy from: "

# enter UPN of the second user
$user2 = Read-Host "Enter username to copy to: "

try {
    # Get-AzureADUser -ObjectId to validate if the user exists.
    # -ErrorAction Stop makes sure a missing user ends up in the catch block.
    $user1Obj = Get-AzureADUser -ObjectId $user1 -ErrorAction Stop
    $user2Obj = Get-AzureADUser -ObjectId $user2 -ErrorAction Stop

    # Get-AzureADUserMembership (after the lookups, so the ObjectIds are populated)
    $membershipGroups1 = Get-AzureADUserMembership -All $true -ObjectId $user1Obj.ObjectId
    $membershipGroups2 = Get-AzureADUserMembership -All $true -ObjectId $user2Obj.ObjectId | Select-Object -ExpandProperty 'DisplayName'

    foreach ($group in $membershipGroups1)
    {
        if ($group.DisplayName -notin $membershipGroups2) {
            Write-Host "[!] - Adding" $user2Obj.UserPrincipalName " to " $group.DisplayName '... ' -ForegroundColor Yellow
            Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $user2Obj.ObjectId
        }
        else {
            Write-Host "User is already member of $($group.DisplayName)" -ForegroundColor 'Red'
        }
    }
}
catch {
    $date = Get-Date -Format g
    Write-Host "[$date] : Source or Target user is invalid!" -ForegroundColor Red
}

Write-Host "Done!"
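Since copying group memberships grants the target user access, the existence check and the copy are worth wrapping in functions that fail closed and support a dry run. The following is an added example, not code from the question or either answer; it assumes the AzureAD module is imported and Connect-AzureAD has already run, and the UPNs in the usage line are placeholders.

```powershell
# Added example (not from the thread above). Assumes the AzureAD module is
# imported and Connect-AzureAD has already been run.
function Get-AzureADUserOrNull {
    # Returns the user object for a UPN or ObjectId, or $null if it does not exist.
    param([Parameter(Mandatory)][string]$Identity)
    try {
        # -ErrorAction Stop turns the "does not exist" error into a catchable exception
        return Get-AzureADUser -ObjectId $Identity -ErrorAction Stop
    }
    catch {
        Write-Warning "User '$Identity' not found: $($_.Exception.Message)"
        return $null
    }
}

function Copy-AzureADUserGroups {
    # Copies group memberships from $SourceUpn to $TargetUpn; supports -WhatIf.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SourceUpn,
        [Parameter(Mandatory)][string]$TargetUpn
    )
    $source = Get-AzureADUserOrNull -Identity $SourceUpn
    $target = Get-AzureADUserOrNull -Identity $TargetUpn
    if (-not $source -or -not $target) {
        throw "Source or target user is invalid; nothing was changed."
    }
    # Get-AzureADUserMembership also returns directory roles; keep only groups,
    # since Add-AzureADGroupMember cannot add a member to a role.
    $sourceGroups = Get-AzureADUserMembership -ObjectId $source.ObjectId -All $true |
        Where-Object { $_.ObjectType -eq 'Group' }
    # Compare by ObjectId: group display names are not unique within a tenant.
    $targetGroupIds = Get-AzureADUserMembership -ObjectId $target.ObjectId -All $true |
        Select-Object -ExpandProperty ObjectId
    foreach ($group in $sourceGroups) {
        if ($group.ObjectId -in $targetGroupIds) {
            Write-Host "Already a member of $($group.DisplayName)" -ForegroundColor Green
            continue
        }
        # -WhatIf lets you review every addition before any access is granted
        if ($PSCmdlet.ShouldProcess("$($group.DisplayName) ($($group.ObjectId))", "Add $TargetUpn")) {
            Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $target.ObjectId
            Write-Host "[$(Get-Date -Format g)] Added $TargetUpn to $($group.DisplayName)" -ForegroundColor Yellow
        }
    }
}

# Usage: dry run first (placeholder UPNs), then rerun without -WhatIf
Copy-AzureADUserGroups -SourceUpn 'alice@contoso.example' -TargetUpn 'bob@contoso.example' -WhatIf
```

Microsoft has since deprecated the AzureAD module in favour of the Microsoft Graph PowerShell SDK, but the same pattern (look up both users with -ErrorAction Stop, filter to groups, compare by ObjectId, dry-run with -WhatIf) carries over.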