I am new to this so please apologise if I missed some information.
I have the following situation:
I have a employee list in CSV and I need to update existing users in my tenent through powershell. I tried some skripts I found online but non of them I could get working. I can connect to the tenent and import the csv but nothing more.
I need to update the following:
fax, office, streetadress, city, postalcode, department, title, officephone, mobilephone and mail
Can someone give me a template or something similar? I would really appreciate some help.
If your csv file is listed with a distinguishable object e.g. Active Directory User sAMaccount's and its correlating data 'fax, office, streetadress, city, postalcode, department, title, officephone, mobilephone and mail'
High Level Steps To Update Active Directory User Properties
Import Active Directory Module
Import CSV File containing data to be matched and updated
Run Get-ADUser cmdlet to get the object to be updated
Run Set-ADUser cmdlet to update the property
Example Script To Update AD User From CSV File
#Import Active Directory module
Import-Module ActiveDirectory
#Import CSV File to set variable for the user’s logon name + update data + delimiter
$Users = Import-CSV -Delimiter ";" -Path "c:\psscripts\users.csv"
#Using your code to filter AD Sam Accounts listed CSVData is listed with the information you wish to update
Foreach($user in $users){
#Using your code to filter AD Sam Accounts Based on column samaccountname in the csv file
Get-ADUser -Filter "SamAccountName -eq '$($user.samaccountname)'" | Set-ADUSer `
-fax $($User.Fax) `
-office $($User.Office) `
-StreetAddress $($User.StreetAddress) `
-city $($User.City) `
-postalcode $($User.PostCode) `
-title $($User.Title)`
-department $($User.Department) `
-officephone $($User.Officephone) `
-mobilephone $($User.Mobilephone) `
-mail ($User.Mail)
}
The below post shares the PowerShell script to modify bulk user attributes for multiple user accounts in a simple way by importing user details from a CSV file.
https://morgantechspace.com/2022/03/update-bulk-azure-ad-user-attributes-using-powershell.html
This script helps to update bulk user attributes as hashtable in a single command (Set-AzureADUser).
#Hashtable to keep multiple attribute values
$AttributesToUpdate = #{}
$AttributesToUpdate["JobTitle"] = "Sales Manager"
$AttributesToUpdate["Department"] = "Sales"
# Set required user attributes.
# Need to prefix the variable AttributesToUpdate with # symbol instead of $ to pass hashtable as parameters (ex: #AttributesToUpdate).
Set-AzureADUser -ObjectId "user#domain.com" #AttributesToUpdate
# Refer to the below post for more details.
# https://morgantechspace.com/2022/03/update-bulk-azure-ad-user-attributes-using-powershell.html
Related
I am trying to get the user name and the employee ID from Azure Active Directory, but I keep getting a can not match parameter error. See the attached image.
Get-AzADUser -UserPrincipalName $.UserPrincipalName -EmployeeID $.EmployeeID
Parameter Error
I wasn't able to get the employeeId using AdditionalProperties.
Quickest way for me is using the azuread module, as employeeId is not a standard property but and extension, you can get that info using the following command:
get-azureaduser -objectid user#domain | get-azureaduserextension
[1]:Example https://i.stack.imgur.com/uAxz7.png
Also I recommend using graph API to get info from AAD.
https://devblogs.microsoft.com/premier-developer/getting-started-with-graph-api-and-graph-explorer/?msclkid=249a6a28ae7311ec958ae49c7dc811e2
BR
As there is no parameter called EmployeeId in the get-azaduser that's why it gives you the error . The employee Id is stored inside the additional properties.
So if you want to get the AD users name and employee ID you can use the below command :
Get-AzADUser | Select-Object UserprincipalName , #{N="EmployeeId";E={$_.AdditionalProperties["employeeId"]} }
Output:
I needed to grab this attribute and finally got it working:
$user = Get-AzureADUser -SearchString $displayName
$empID = $user.ExtensionProperty.employeeId
I have tried the below and it worked for me.
Get-AzureADUser -top 70000 | ? {$_.AccountEnabled -like $true -and $_.userType -like "Member" -and $_.ExtensionProperty.employeeId -notlike $null } |
select DisplayName,AccountEnabled,Userprincipalname,usertype,#{N="EmployeeID";E={$_.ExtensionProperty.employeeId}}
Is there a way to fetch all details of routing from each subscription with Route-Table Name, subscriptions, next hop type address prefix.
I have tried 'Get-AzRouteTable -ResourceGroupName "" -Name "prod" | Get-AzRouteConfig | Export-Csv azureroutetable2.csv' but getting only from specific environment, is there a better way to do the same?
Regards
Devbrat
According to the help for Get-AzRouteTable it doesn't require any value to be specified for ResourceGroupName so we should just be able to loop through your available contexts. If you did have a large Azure Network infrastructure and they were logically organised by Resource Group, you may want to consider looping through Resource Groups too.
That being said, you can do something like this. It will create a csv for each subscription in your current session. Change the . at the beginning of the path value to set a full path if you would like.
$Contexts = Get-AzContext -ListAvailable
foreach ($Context in $Contexts) {
[void](Set-AzContext -SubscriptionId $Context.Subscription.Id)
$RouteConfig = Get-AzRouteTable -Name "prod" | Get-AzRouteConfig
# If you are using PowerShell 5.1, add '-NoTypeInformation' to the end of this command.
$RouteConfig | Export-Csv -Path ".\$($Context.Subscription.Name)_Routes.csv" -Encoding utf8 -NoClobber
}
https://learn.microsoft.com/en-us/graph/api/reportroot-getsharepointactivityuserdetail?view=graph-rest-1.0
Who to get user info from the User Principal Name(GUID) returns in getSharePointActivityUserDetail api
Result sample
As far as I understand (the question and the doc), the GUID is a global and unique ID for all SharePoint users.
You can found a PowerShell command here that could help you to get the user names from the guid:
Add-PSSnapin "Microsoft.SharePoint.PowerShell"
Get-SPSite http://win-pfcp2dgt8di/sites/EnjoySharePoint/ | Get-SPWeb -Limit ALL | %{$_.Lists} |?{$_.ID –eq "B13CC473-6187-4478-A0DD-853E83AA6F9D"} |ft Title, ParentWebURL, RootFolder
I'm trying to update AzureADGroupMember for multiple users in a CSV File by UPN.
This is what I've came across and attempted:
$users = Import-csv "C:\Temp\testgroup2.csv"
$users | ForEach-Object{
Add-AzureGroupADGroupMember -ObjectId xcv9890-stest999-xcvxc234-xcv2342324
-RefObjectId (Get-AzureADUser -ObjectId $_.UPN).ObjectId
}
I get the following 2 errors.
Import-csv : The member "Role" is already present.
At line:1 char:10
Get-AzureADUser : Cannot bind argument to parameter 'ObjectId' because it
is null.
At line:4 char:120
Any idea why this keeps happening? I would really appreciate the help.
Thank you,
Well, since you did not provide the .csv file, I can just give you a solution that works on my side.
First, let's check the two errors.
Import-csv : The member "Role" is already present.
I can reproduce this issue, this means your .csv file has two columns header 'Role', just modify it into a correct format.
Get-AzureADUser : Cannot bind argument to parameter 'ObjectId' because it
is null.
This means this part $_.UPN is null, this may be caused by the first error.
My sample:
testgroup.csv
UPN,Role
leeliu#xxxxxx.onmicrosoft.com,role1
test#xxxxxx.onmicrosoft.com,role2
script (you should use Add-AzureADGroupMember, not Add-AzureGroupADGroupMember):
$users = Import-csv "C:\Users\joyw\Desktop\testgroup.csv"
$users | ForEach-Object{
Add-AzureADGroupMember -ObjectId 9d42xxxxxx28b600ad -RefObjectId (Get-AzureADUser -ObjectId $_.UPN).ObjectId
}
Note: Before running the script, you need to make sure the users are not already in the group, otherwise you will get a One or more added object references already exist for the following modified properties: 'members' error.
Currently run in to a bit of a stumbling block and i don't know if i am searching for the right thing on google to get the correct results to help me.
The situation....
1)In sharepoint via the GUI i can use unique permissions when setting up a site.
2)You are then presented with a page showing 3 possibilities(Read, Contribute and owner) of groups.
3)In these possibilities you can select to use an existing group or create a new one.
The setup i am looking for is use existing group for owner and create 2 new groups for contribute and read. How do i do this in powershell?
The other way i have thought about doing this is to not break permissions, Delete all the groups apart from the owners groups, Create 2 new groups, assign them contrbute and read and add them to the site. <- this sounds like it would work but also sounds like a workaround!
Cheers
Truez
Do you want to create custom permission levels, or custom groups but give them one of the exisiting permission levels? In the case of the former, the easiest way would be to create your custom permission levels in the GUI by copying and then modifying the existing Contribute and Read groups and then to assign these to your groups in your PowerShell script.
Here's the code you need to set your custom permissions on a site.
# Function to create role assignment variable for SharePoint group
#-----------------------------------------------------------------
Function CreateGroupRoleAssignment {
Param(
[parameter(Mandatory = $true)]
[string]
$RaName,
[parameter(Mandatory = $true)]
[string]
$GroupName
)
# Delete role assignment variable if it already exists
if(Test-Path "variable:global:$RaName") {
Write-Host "-- Removing existing Role Assignment variable: $RaName"
Remove-Variable -Name $RaName -Scope Global
}
# Create role assignment object variable in the global scope (to persist outside of the function)
Write-Host "-- Creating Role Assignment variable for SharePoint group: $GroupName"
New-Variable -Name $RaName -Value ([Microsoft.SharePoint.SPRoleAssignment] $RootWeb.SiteGroups[$GroupName]) -Scope Global
} # End Function CreateGroupRoleAssignment
# Script body
#------------
# Get your site
$Web = Get-SPWeb http://yoursiteurl
# Stop your site from inheriting permissions
$Web.BreakRoleInheritance($false)
# Create Role Definitions from the "Permission Levels" in your site
# Pick from the list in http://yoursiteurl/_layouts/role.aspx
$FullControlRD = $Web.RoleDefinitions | Where {$_.Name -eq "Full Control"}
$ContributeRD = $Web.RoleDefinitions | Where {$_.Name -eq "Contribute"}
$ReadRD = $Web.RoleDefinitions | Where {$_.Name -eq "Read"}
# Call function to create role assignments from your SharePoint site groups
# SharePoint groups inc. built-in Your Site Owners/Members/Visitors plus any you create
# See list of groups in http://yoursiteurl/_layouts/user.aspx
CreateRoleAssignment -RAName "OwnersRA" -GroupName "Your Site Owners"
CreateRoleAssignment -RAName "Group1RA" -GroupName "Your Custom Group 1"
CreateRoleAssignment -RAName "GRoup2RA" -GroupName "Your Custom Group 2"
# Bind the role definition to the role assignment to assign the desired permission level to each group
$OwnersRA.RoleDefinitionBindings.Add($FullControlRD)
$Group1RA.RoleDefinitionBindings.Add($ContributeRD)
$Group2RA.RoleDefinitionBindings.Add($ReadRD)
# Add the role assignment with the custom permission to your site
$Web.RoleAssignments.Add($OwnersRA)
$Web.RoleAssignments.Add($Group1RA)
$Web.RoleAssignments.Add($Group2RA)
I managed to find a solution.
I created the site so all the groups were inherited.
Broke inheritance
Once broken i looped through all the groups and removed any that didn't contain owner. This meant that the owner group still updated when you placed a member in the owner group at the root level site.
I then created a Members and readers group.
$businessUnitWeb = New-SPweb -Url "My Site" -Name "Test" -UseParentTopNav
$businessUnitWeb.BreakRoleInheritance($true)
$groupsToRemove = $businessUnitWeb.Groups| WHERE-OBJECT{$_.Name -ne "XXXXXXXXX Portal Owners"} | $businessUnitWeb.Groups.Remove($_)
$groupsToRemove | FOREACH-OBJECT{$businessUnitWeb.Groups.Remove($_)}
$usersToRemove = $businessUnitWeb.Users| WHERE-OBJECT{$_.Name -ne "XXXXXXXXXX Portal Owners"}
$usersToRemove | FOREACH-OBJECT{$businessUnitWeb.Users.Remove($_)}
}
$businessUnitWeb.SiteGroups.Add("$businessUnitWeb Read", $businessUnitWeb.Site.Owner, $businessUnitWeb.Site.Owner, "The read group for $businessUnitWeb")
$newGroup = $businessUnitWeb.SiteGroups["$businessUnitWeb Read"]
$newGroupAssign = New-Object Microsoft.SharePoint.SPRoleAssignment($newGroup)
$newGroupAssign.RoleDefinitionBindings.Add($businessUnitWeb.RoleDefinitions.GetByType("Reader"))
$businessUnitWeb.RoleAssignments.Add($newGroupAssign)
$businessUnitWeb.update()
$businessUnitWeb.SiteGroups.Add("$businessUnitWeb Contributor", $businessUnitWeb.Site.Owner, $businessUnitWeb.Site.Owner, "The Contributor group for $businessUnitWeb")
$newGroup = $businessUnitWeb.SiteGroups["$businessUnitWeb Contributor"]
$newGroupAssign = New-Object Microsoft.SharePoint.SPRoleAssignment($newGroup)
$newGroupAssign.RoleDefinitionBindings.Add($businessUnitWeb.RoleDefinitions.GetByType("Contributor"))
$businessUnitWeb.RoleAssignments.Add($newGroupAssign)
$businessUnitWeb.update()
Write-Host "Creating $businessAreaURL..... "
$businessUnitWeb.ApplyWebTemplate(Template stuuf")
If there are some typo's i've had to remove company tie's from the code.