Create a list of users in an Azure group - azure

Is there a way I can download a list of all the users in an Azure group to an Excel file? We have large Azure groups and want an easier way to send a list to a group of users for review. It would be even better if I could automate this procedure, maybe even email it to the users once a week.
I hope you can help!
Colin

You could directly bulk download the members of a group in your organization to a CSV file using Azure AD Portal. It seems the easiest way.
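The other methods need to loop over all users in the group. The following is an example with PowerShell.
```powershell
$group_ObjectId = ""
# Look up the group itself so its display name can go on each row
$group = Get-AzureADGroup -ObjectId $group_ObjectId
$members = Get-AzureADGroupMember -ObjectId $group_ObjectId -All $true
# One CSV row per member; Export-Csv writes the header row and handles quoting
$members |
    Select-Object @{Name = 'Group'; Expression = { $group.DisplayName }}, ObjectId, ObjectType, UserType, UserPrincipalName |
    Export-Csv -Path C:\scripts\output.csv -NoTypeInformation
```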
And create a weekly scheduled task with Scheduled Task. For more details, see here.
```powershell
# Run the export script every Saturday at 3am
$action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument '-File C:\scripts\getUserList.ps1'
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Saturday -At 3am
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName "Task Name Here"
```

Related

Azure AD users are not moving to license group automatically

I have created a Dynamic Group for assigning a license to all Azure AD users automatically using PowerShell in a production environment.
Here is my script:
```powershell
New-AzureADMSGroup -DisplayName "us_demo_group" -Description "your Descriptions" -MailEnabled $False -MailNickName "group" -SecurityEnabled $True -GroupTypes "DynamicMembership" -membershipRule "(user.department -contains ""Marketing"")" -membershipRuleProcessingState "On"
Add-AADGroupLicenseAssignment -groupId "a5e95316-1c03-44d7-afac-efd0e788122c" -accountSkuId "your skuid:FLOW_FREE"
```
My script is working fine, but when I tried to create bulk users using an Excel file, the users are not getting a license; it always shows **No License assignment Found**.
Any help is appreciated.
I tried to reproduce the same in my environment to assign the license to Azure AD users dynamically using PowerShell.
I have created an Azure dynamic group using PowerShell, named TestGroup1, with a condition.
```powershell
#Install AzureADLicensing Module
Install-Module -Name AzureADLicensing
#Import AzureADPreview
Import-Module AzureADPreview
#Connect to Azure AD
Connect-AzureAD
New-AzureADMSGroup -DisplayName "TestGroup1" -Description "This group contains information of users from us domain" -MailEnabled $False -MailNickName "group" -SecurityEnabled $True -GroupTypes "DynamicMembership" -membershipRule "(user.department -contains ""Finance"")" -membershipRuleProcessingState "On"
```
TestGroup1 is created once the above code is executed.
Assign the license to the group, like below.
```powershell
#Get All License with SKUID
Get-AADGroupLicenseAssignment -All
```
You can fetch the group ID, like below.
```powershell
#Assign License to Group
Add-AADGroupLicenseAssignment -groupId "GroupIDObject ID" -accountSkuId "Your SKUID"
```
Create bulk user in Azure Active Directory, like below.
Azure Portal > Default Directory > Users > Bulk Operations > Bulk Create
Make sure to mention the department value so that the users move to the dynamic group automatically.
Download the Excel file, add the values in Excel and save, like below.
Once the values are added in Excel, upload the Excel file to Azure, like below.
Successfully created bulk- users with license in Azure AD.
You can view the users in assigned group.
License assigned to group users automatically.
Successfully assigned Azure license to created users.

Azure CSV Import to update users Password Never Expire

I'm trying to import a CSV file to bulk-update service accounts and change them to password never expire in Azure. I think the loop is called foreach.
```powershell
$connect = Connect-AzureAD -AccountId "$env:USERNAME@company.com"
Set-AzureADUser -ObjectId test01@company.com -PasswordPolicies DisablePasswordExpiration
```
> I think the loop is called foreach

Yes, use foreach to do the bulk operation.
Workaround follows:
```powershell
# you can use the below code for bulk operation
Import-CSV "<user file>" | foreach {
    Set-AzureADUser -ObjectId $_.UserPrincipalName -PasswordPolicies DisablePasswordExpiration
}
```
Result
Changes applied in Azure AD
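
An added example (not part of the original answer) that extends the loop above with a per-row existence check and a result log, so a bulk change to password expiry on service accounts can be reviewed afterwards. The two file paths and the `UserPrincipalName` column header are assumptions, and it needs an existing `Connect-AzureAD` session.

```powershell
# Added example. Assumed: the input CSV has a UserPrincipalName column; both paths are placeholders.
$csvPath = 'C:\scripts\service-accounts.csv'
$logPath = 'C:\scripts\password-policy-results.csv'

$results = foreach ($row in Import-Csv -Path $csvPath) {
    $upn = "$($row.UserPrincipalName)".Trim()
    if (-not $upn) { continue }   # skip blank rows

    $status = 'Updated'
    try {
        # Throws for a UPN that does not exist, so typos in the CSV are reported instead of ignored
        $user = Get-AzureADUser -ObjectId $upn -ErrorAction Stop

        if ($user.PasswordPolicies -match 'DisablePasswordExpiration') {
            $status = 'AlreadySet'
        }
        else {
            Set-AzureADUser -ObjectId $user.ObjectId -PasswordPolicies DisablePasswordExpiration -ErrorAction Stop
        }
    }
    catch {
        $status = "Failed: $($_.Exception.Message)"
    }

    # One log row per account, with a UTC timestamp
    [pscustomobject]@{
        UserPrincipalName = $upn
        Status            = $status
        CheckedAt         = (Get-Date).ToUniversalTime().ToString('o')
    }
}

# Keep the log as a record of which accounts no longer expire, and print a summary
$results | Export-Csv -Path $logPath -NoTypeInformation
$results | Group-Object Status | Select-Object Name, Count
```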

Azure PIM PowerShell Script

On Azure Portal we can grant Contributor role to Subscription using PIM for limited period of time.
Like 1 - 2 - 3 hours.
Those are called eligible assignments.
Has anyone tried assigning eligible assignments using PowerShell?
As per my research, the AzureADPreview module is present.
(https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/powershell-for-azure-ad-roles )
But it is still under preview and doesn't have full functionality.
I think the functionality has already been mentioned in the doc, give a sample here to elaborate on the specific usage.
For example, you want to assign the Application Administrator role to a user, then the script should be:
Note: The -ResourceId parameter uses your AAD tenant id <tenant-id>.
```powershell
# Look up the role definition by display name
$role = Get-AzureADMSPrivilegedRoleDefinition -ProviderId aadRoles -ResourceId "<tenant-id>" | Where-Object {$_.DisplayName -eq 'Application Administrator'}
# One-time schedule: starts now, ends at the given UTC time
$schedule = New-Object Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedSchedule
$schedule.Type = "Once"
$schedule.StartDateTime = (Get-Date).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
$schedule.endDateTime = "2021-07-25T20:49:11.770Z"
# Request the eligible assignment for the user or group
Open-AzureADMSPrivilegedRoleAssignmentRequest -ProviderId aadRoles -Schedule $schedule -ResourceId "<tenant-id>" -RoleDefinitionId $role.Id -SubjectId "<object-id of user or group>" -AssignmentState "Eligible" -Type "AdminAdd"
```
Check in the portal:
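
A scripted alternative to checking the portal, as an added example that is not part of the original answer: it reads the subject's assignments back and marks each one as time-bound or permanent. It assumes the AzureADPreview module and an existing `Connect-AzureAD` session; `<tenant-id>` and `<object-id of user or group>` are the answer's own placeholders.

```powershell
# Added example. Assumes AzureADPreview is loaded and Connect-AzureAD has been run.
$tenantId  = '<tenant-id>'                     # same value the answer passes as -ResourceId
$subjectId = '<object-id of user or group>'    # same value the answer passes as -SubjectId

# Map role definition ids to display names so the report is readable
$roleNames = @{}
Get-AzureADMSPrivilegedRoleDefinition -ProviderId aadRoles -ResourceId $tenantId |
    ForEach-Object { $roleNames[$_.Id] = $_.DisplayName }

# Read back every assignment for the subject and classify it by end date
$report = Get-AzureADMSPrivilegedRoleAssignment -ProviderId aadRoles -ResourceId $tenantId |
    Where-Object { $_.SubjectId -eq $subjectId } |
    ForEach-Object {
        [pscustomobject]@{
            Role            = $roleNames[$_.RoleDefinitionId]
            AssignmentState = $_.AssignmentState    # 'Eligible' or 'Active'
            StartDateTime   = $_.StartDateTime
            EndDateTime     = $_.EndDateTime
            Expiry          = if ($null -eq $_.EndDateTime) { 'Permanent' } else { 'TimeBound' }
        }
    }

$report | Sort-Object Role | Format-Table -AutoSize

# An assignment without an end date never lapses on its own
$permanent = @($report | Where-Object { $_.Expiry -eq 'Permanent' })
if ($permanent.Count -gt 0) {
    Write-Warning "$($permanent.Count) assignment(s) for $subjectId have no end date."
}
```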

Determine product from subscription key?

I find myself in a situation where I have a subscription key in a project I inherited, for which I need to determine the product that the key is attached to. We have a couple hundred products, and manually inspecting each one and "show"ing the values of each of its subscription keys is not something I want to do... Is there a way of scripting this? My Googling so far has only revealed solutions for obtaining keys from a known product, which is the opposite of what I need...
A subscription key is not unique, so you can't get a product using a subscription key, as many products from different services might have subscriptions that hold the same subscription keys, so there is no such API to do this.
In general you can write a script using the list product subscription api and list secrets api to achieve such a thing.
https://learn.microsoft.com/en-us/rest/api/apimanagement/2019-12-01/productsubscriptions/list#code-try-0
https://learn.microsoft.com/en-us/rest/api/apimanagement/2019-12-01/subscription/listsecrets#code-try-0
If you are looking just to see to which product a specific call has been made then you can use any of the solutions below and I prefer the log analytics one.
https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-use-azure-monitor
If you have a key and want to know which product is the key for, you can use Azure PowerShell: API management module to do this.
Just try the code below:
```powershell
$apimName = "<apim name>"
$apimSresourceGroup = "<apim resource group name>"
$key = "<your subscription key>"
$apim_context = New-AzApiManagementContext -ResourceGroupName $apimSresourceGroup -ServiceName $apimName
# Compare the key against the primary and secondary key of every subscription
$subs = Get-AzApiManagementSubscription -Context $apim_context
foreach($sub in $subs){
    if($sub.PrimaryKey -eq $key -or $sub.SecondaryKey -eq $key){
        write-host 'this key is for product:'$sub.ProductId' belongs to user with ID:' $sub.UserId ' subscription name:'$sub.Name
    }
}
```
Result:
Let me know if you have any further questions.

Office365: Follow in inbox powershell

Is there a way to write PowerShell command to "Follow in inbox" to a group?
or maybe Microsoft Graph API?
I am trying through the code to implement this feature, but can't see any documentation.
In office 365 every user that joins a group can use the dropdown to select Follow in inbox or Stop following in inbox:
here an image example of follow in inbox
I don't know a possibility to do that via PowerShell. You can set it in the AdminCenter GUI of Office365 in the group settings.
See here: https://learn.microsoft.com/en-us/office365/admin/create-groups/create-groups?view=o365-worldwide#how-following-group-email-works
Update:
It seems that you can do it with the Graph API: https://learn.microsoft.com/en-us/graph/api/group-update?view=graph-rest-1.0
Function "UpdateGroup" and the Setting "autoSubscribeNewMembers".
Note: This will only take effect for new members not for existing ones!
Thank you, Hannes
This is a PowerShell I wrote:
```powershell
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
<#Get all Office 365 Groups that AutoSubscribeNewMembers disabled#>
$O365Groups = Get-UnifiedGroup | Where-Object{$_.AutoSubscribeNewMembers -eq $false}
<#Iterate through the Groups, enabling the AutoSubscribeNewMember#>
foreach ($group in $O365Groups)
{
    Set-UnifiedGroup $group.Identity -AutoSubscribeNewMembers:$true
}
<#Close the Session#>
Remove-PSSession $Session
```
Works fine only for new member in the group
I was searching for the opposite command, to unsubscribe a user manually from PowerShell, due to an external user receiving the emails for a group that were unnecessary to send externally.
Here are the PowerShell commands, connected to Exchange Online PowerShell version 2:
View subscribers:
```powershell
Get-UnifiedGroupLinks -Identity <email address> -LinkType Subscribers
```
Add subscribers:
```powershell
Add-UnifiedGroupLinks -Identity <email address> -LinkType Subscribers -Links <comma separated list of email addresses>
```
Remove subscribers:
```powershell
Remove-UnifiedGroupLinks -Identity <email address> -LinkType Subscribers -Links <comma separated list of email addresses>
```
Documentation
I have been working on some sample commands for this exact topic: Unsubscribe-FollowInInbox.ps1 (for full list of code samples)
Some samples:
```powershell
#Check subscription status for ALL unified groups
Get-UnifiedGroup | Format-Table Name,*subscribe* -AutoSize
```
Here is PowerShell to make all "members" into "subscribers" (aka Follow In Inbox)
```powershell
##########################################
# Loop 1 - SUBSCRIBE all group members   #
##########################################
#Store the team name in a variable. Change this to match your team.
#To find this for your team, use (Get-UnifiedGroup *test-team*).PrimarySmtpAddress
$teamname = "test-team@example.com"
#Find all the members of the Unified Group "test-team" and store their UserMailbox objects in a variable called "members"
$members = Get-UnifiedGroup $teamname | Get-UnifiedGroupLinks -LinkType Members
#Create a variable to keep track of how many members we have subscribed or unsubscribed
$membercount = ($members.Count)
#Loop through the list of members and add a subscriber link for each one
foreach ($member in $members)
{
    #Decrement the member count
    $membercount--
    #Write progress to the PowerShell window
    Write-Host "Adding subscriber link for user $($member.PrimarySmtpAddress), $membercount users remaining"
    #Add the UnifiedGroupLink to make each user a subscriber
    Add-UnifiedGroupLinks -Identity $teamname -Links $($member.PrimarySmtpAddress) -LinkType Subscribers -Confirm:$false
}
```
