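#Requires -Version 7
<#
.SYNOPSIS
Creates a batch of test security groups in the signed-in tenant and adds one user to each of them.
.DESCRIPTION
Signs in to Microsoft Graph interactively (Connect-MgGraph), then creates the security groups
"Test Group 001" up to "Test Group 222" (existing groups with the same display name are reused)
and adds the chosen user as a member of every one of them.
.PARAMETER Credential
Accepted for compatibility, but NOT used by this script: sign-in is always interactive through
Connect-MgGraph, so passing a credential does not change which identity performs the changes.
.PARAMETER tenantId
GUID ("Directory ID") of the Microsoft Entra tenant in which the groups are created. When empty,
Connect-MgGraph signs in to the account's home tenant.
.PARAMETER azureEnvironmentName
Connect-MgGraph environment name (for example Global); defaults to Global.
#>
[CmdletBinding()]
param(
    # Declared but never referenced below; kept so existing invocations that pass -Credential
    # keep working. Callers must not assume it yields a non-interactive sign-in.
    [Parameter(Mandatory = $False, HelpMessage = 'Not used by this script; sign-in is interactive via Connect-MgGraph')]
    [PSCredential] $Credential,
    [Parameter(Mandatory = $False, HelpMessage = 'Tenant ID (This is a GUID which represents the "Directory ID" of the Microsoft Entra tenant into which you want to create the groups)')]
    [string] $tenantId,
    [Parameter(Mandatory = $False, HelpMessage = 'Azure environment to use while running the script (it defaults to Global, i.e. AzureCloud)')]
    [string] $azureEnvironmentName
)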
<#.Description
Builds the display name of the N-th test group: the literal prefix "Test Group "
followed by the number left-padded with zeros to three digits
(5 -> "Test Group 005", 42 -> "Test Group 042", 123 -> "Test Group 123").
Numbers with four or more digits are neither padded nor truncated.
#>
Function GetGroupName([int] $val)
{
    # The amount of zero padding depends only on the magnitude of the number;
    # values of 100 or more already fill three digits and get none.
    $padding = if ($val -lt 10) { '00' } elseif ($val -lt 100) { '0' } else { '' }
    return "Test Group $padding$val"
}
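<#.Description
Creates the security groups "Test Group 001" .. "Test Group <count>" (reusing any that
already exist) and adds the given user as a member of each of them.

Parameters:
  $user          - Microsoft Graph user object; only its .Id is used.
  $count         - number of groups to create/assign; defaults to 222 (the original range 1..222).
  $graphEndpoint - base URL of the Graph service used in the member "@odata.id" reference.
                   When empty it is taken from the environment of the current Connect-MgGraph
                   session, falling back to https://graph.microsoft.com.
Failures on one group are reported to the host and the loop continues with the next group.
Returns nothing.
#>
Function CreateGroupsAndAssignUser($user, [int] $count = 222, [string] $graphEndpoint)
{
    if ($null -eq $user -or [string]::IsNullOrEmpty($user.Id))
    {
        Write-Warning "No user object with an Id was supplied; nothing to do."
        return
    }

    if ([string]::IsNullOrEmpty($graphEndpoint))
    {
        # The member reference must point at the Graph host of the cloud this session is
        # signed in to (sovereign clouds use a different host), so derive it from the session
        # instead of always using the public endpoint.
        $graphEndpoint = 'https://graph.microsoft.com'
        $context = Get-MgContext
        if ($context -and $context.Environment -and (Get-Command Get-MgEnvironment -ErrorAction SilentlyContinue))
        {
            $mgEnvironment = Get-MgEnvironment -Name $context.Environment -ErrorAction SilentlyContinue
            if ($mgEnvironment -and $mgEnvironment.GraphEndpoint)
            {
                $graphEndpoint = $mgEnvironment.GraphEndpoint.TrimEnd('/')
            }
        }
    }

    # The member reference is the same for every group, so build it once.
    $userId = $user.Id
    $params = @{
        "@odata.id" = "$graphEndpoint/v1.0/users/$userId"
    }

    for ($val = 1; $val -le $count; $val++)
    {
        $groupName = GetGroupName -val $val
        $nickName = $groupName.ToLower().Replace(' ', '')
        # Reset per iteration: a failed creation must never leave the previous iteration's
        # group in $newsg, which would silently add the user to the wrong group below.
        $newsg = $null

        # Display names are not unique in the directory; take the first match so that
        # $newsg.Id is always a single value.
        $group = Get-MgGroup -Filter "DisplayName eq '$groupName'" | Select-Object -First 1
        if ($group)
        {
            Write-Host "Group '$($group.DisplayName)' already exists"
            $newsg = $group
        }
        else
        {
            try
            {
                $newsg = New-MgGroup -DisplayName $groupName -MailEnabled:$False -MailNickName $nickName -SecurityEnabled
                Write-Host "Successfully created group '$($newsg.DisplayName)'"
            }
            catch
            {
                $_.Exception.ToString() | out-host
                $message = $_
                Write-Warning $Error[0]
                Write-Host "Unable to create group '$groupName'. Error is $message." -ForegroundColor White -BackgroundColor Red
                # There is no group to assign the user to; move on to the next one.
                continue
            }
        }

        try
        {
            New-MgGroupMemberByRef -GroupId $newsg.Id -BodyParameter $params
            Write-Host "Successfully assigned user to group '$($newsg.DisplayName)'"
        }
        catch
        {
            $_.Exception.ToString() | out-host
            $message = $_
            Write-Warning $Error[0]
            Write-Host "Unable to assign user to group '$($newsg.DisplayName)'. Error is $message." -ForegroundColor White -BackgroundColor Red
        }
    }
}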
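<#.Description
Signs in to Microsoft Graph, reports which tenant and account the session belongs to, asks
which user should be added to the groups (defaulting to the signed-in user) and then runs
CreateGroupsAndAssignUser for that user.

Parameters:
  $tenantId             - tenant to sign in to; empty lets Connect-MgGraph pick the home tenant.
  $azureEnvironmentName - Connect-MgGraph environment name (alias -environment); defaults to "Global".
Both default to the script-level parameters of the same name, so the function also works when
called without arguments. Throws when no session is established or the entered object Id is
not a GUID.
#>
Function ConfigureApplications
{
    param(
        [string] $tenantId = $script:tenantId,
        [Alias('environment')]
        [string] $azureEnvironmentName = $script:azureEnvironmentName
    )

    if ([string]::IsNullOrEmpty($azureEnvironmentName))
    {
        $azureEnvironmentName = "Global"
    }

    # Delegated permissions requested for the session, passed as an array (the parameter is
    # string[]). Group.ReadWrite.All already covers membership changes; GroupMember.ReadWrite.All
    # is kept because the original request included it and a tenant may have consented to it
    # rather than to the broader scope.
    $scopes = @(
        'Organization.Read.All',
        'User.Read.All',
        'Group.ReadWrite.All',
        'GroupMember.ReadWrite.All'
    )

    Write-Host "Connecting to Microsoft Graph"
    if ([string]::IsNullOrEmpty($tenantId))
    {
        Connect-MgGraph -Scopes $scopes -Environment $azureEnvironmentName
    }
    else
    {
        Connect-MgGraph -TenantId $tenantId -Scopes $scopes -Environment $azureEnvironmentName
    }

    $context = Get-MgContext
    if ($null -eq $context)
    {
        throw "Connect-MgGraph did not establish a session; cannot continue."
    }

    # Get the user running the script. The account name is placed inside an OData string
    # literal, so a single quote in it must be doubled or the filter is malformed.
    $currentUserPrincipalName = $context.Account
    $escapedAccount = $currentUserPrincipalName -replace "'", "''"
    $user = Get-MgUser -Filter "UserPrincipalName eq '$escapedAccount'"

    # Get the tenant we signed in to
    $Tenant = Get-MgOrganization
    $verifiedDomain = $Tenant.VerifiedDomains | Where-Object { $_.IsDefault -eq $true }
    $verifiedDomainName = $verifiedDomain.Name
    $tenantId = $Tenant.Id
    Write-Host ("Connected to Tenant {0} ({1}) as account '{2}'. Domain is '{3}'" -f $Tenant.DisplayName, $tenantId, $currentUserPrincipalName, $verifiedDomainName)

    # Ask which user to add to the groups; an empty answer means the signed-in user.
    $usersobjectId = Read-Host -Prompt "Enter the object Id (from Azure portal) of the user who will be assigned to these security groups, or press enter to use the currently signed-in user's object Id - '$($user.Id)'"
    $usersobjectId = "$usersobjectId".Trim()
    if ($usersobjectId -eq '')
    {
        $usersobjectId = $user.Id
    }

    # The value ends up in a request URL; only accept a well-formed object Id (GUID). This also
    # catches the case where the signed-in account could not be resolved and $user.Id is empty.
    $parsedId = [guid]::Empty
    if (-not [guid]::TryParse("$usersobjectId", [ref] $parsedId))
    {
        throw "'$usersobjectId' is not a valid user object Id (expected a GUID)."
    }

    $userassigned = Get-MgUser -UserId $usersobjectId
    Write-Host 'Found user -'
    $userassigned | Format-List ID, DisplayName, Mail, UserPrincipalName
    Write-Host 'Starting operation. If you consistently get errors about existing odataref, please reboot your machine and try again. Restarting the PowerShell session does not always work.'
    CreateGroupsAndAssignUser -user $userassigned
}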
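# Pre-requisites: make sure the four Microsoft Graph sub-modules this script uses are present
# and loaded. They cover every cmdlet called here (Authentication: Connect-MgGraph, Get-MgContext,
# Disconnect-MgGraph; Identity.DirectoryManagement: Get-MgOrganization; Groups: Get-MgGroup,
# New-MgGroup, New-MgGroupMemberByRef; Users: Get-MgUser), so the "Microsoft.Graph" meta-module,
# which pulls in every Graph sub-module, is not installed any more.
<#.Description
Installs (for the current user) and imports one Microsoft Graph module when it is not
already available. Parameter $name is the module name.
#>
Function ImportGraphModule([string] $name)
{
    if ($null -eq (Get-Module -ListAvailable -Name $name))
    {
        # TODO(review): pin a -RequiredVersion/-MinimumVersion once the supported SDK version is
        # known, so a fresh machine does not silently pick up whatever is newest in the gallery.
        Install-Module $name -Scope CurrentUser
        Write-Host "Installed $name module. If you are having issues, please create a new PowerShell session and try again."
    }
    Import-Module $name
}

foreach ($moduleName in @(
        'Microsoft.Graph.Authentication',
        'Microsoft.Graph.Identity.DirectoryManagement',
        'Microsoft.Graph.Groups',
        'Microsoft.Graph.Users'))
{
    ImportGraphModule -name $moduleName
}

$ErrorActionPreference = "Stop"
try
{
    ConfigureApplications -tenantId $tenantId -environment $azureEnvironmentName
}
catch
{
    $_.Exception.ToString() | out-host
    $message = $_
    Write-Warning $Error[0]
    Write-Host "Unable to create the groups or assign the user. Error is $message." -ForegroundColor White -BackgroundColor Red
}
finally
{
    # Sign out only if a session was actually established: Disconnect-MgGraph errors when there
    # is nothing to disconnect, which would mask the original failure.
    if (Get-MgContext)
    {
        Write-Host "Disconnecting from tenant"
        Disconnect-MgGraph
    }
}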