Clatent

Technology | Fitness | Food

Groups

Getting Started with 365AutomatedLab Part 3

by Leave a Comment

Adding/Removing a User from Groups by User Role

I have to say that this function is one of my favorites. The reason why is how many companies can use only dynamic groups for adding users to their required groups? Using this function, you can create any job role name, then add the groups that job role requires. If you need help mass created groups check out Creating Groups with Excel. It can become the source of truth for standard groups per job role so you are only updating one location. Please test on your dev tenant first, but with most of the other cmdlets in this module they can be used in production, after proper testing.

Adding a User to Groups by User Role

The quickest way to add groups to a user is to use the 365DataEnvironment Excel file in the LabSources folder. I’ll show you that now, and how to customize it for your environment.

New-CT365GroupByUserRole -FilePath "C:\\365AutomatedLab\\LabSources\\365DataEnvironment.xlsx" -UserEmail mwhite@yourdomain.onmicrosoft.com -Domain yourdomain.onmicrosoft.com -UserRole NY-IT

This one line of PowerShell will add Mary White to all the groups associated with the user role “NY-IT,” which are “IT 365 Group, IT, IT NY, Printer – NY – 1, and Printer – NY – 2.”

FilePath: Is the location of the Excel workbook

UserEmail: The full email of the user you want to add groups to

Domain: The domain of your tenant

UserRole: This be the name of the worksheet for that user role.

If you want to create your own user roles, all you have to do is create a new worksheet and label it with the user role you want. Then you will need 4 columns which will be “DisplayName, PrimarySMTP, Description, and Type.” For type, the 4 different options are “365Group, 365MailEnabledSecurity, 365Distribution, and 365Security” depending on which groups you want to add them to. See image below for the template:

You can create as many user roles as you want. I used NY-IT naming convention as an example, but you can use whichever you want, as I know there are too many variations on how companies handle this and didn’t want to do a validateset on it.

That’s it, that is how you create the different job roles then how you add those groups to a user!

Removing a User from Groups by Job Role

I have a feeling after reading how to add, you already know how to remove groups from a user.

Remove-CT365GroupByUserRole -FilePath "C:\\365AutomatedLab\\LabSources\\365DataEnvironment.xlsx" -UserEmail mwhite@yourdomain.onmicrosoft.com -Domain yourdomain.onmicrosoft.com -UserRole NY-IT

Was I right? I really try to make these as simple as possible as I know we all are busy enough, and don’t want to make your life any busier.

Summary

You made it! Now you can easily add and remove user groups by job role with an Excel workbook. I know this is in 365AutomatedLab, but once you have tested, you could use this in production as it is great for onboarding and offboarding users.

As always please feel free to reach out if you have any questions, comments, concerns on this project or any others! If you can please star the GitHub repository as it will help others see it. Have a great day!

GitHub: https://github.com/DevClate/365AutomatedLab

Part 1 – Creating Users with Excel

Part 2 – Creating Groups with Excel

One-Liner Wednesday August 2, 2023

by Leave a Comment

Have you ever needed to create multiple 365 Groups/Security/Distribution at one time? This could be for a new department, new office, or even a new campaign that only certain people need access and email to. I won’t even go into the time it would take to do this in the GUI, but how would you add them scripting wise, as there are 4 types of Groups/Lists in 365. Do you only do one cmdlet at a time and hope someone doesn’t come back after you’ve already done some and they need to add another group with a cmdlet you’ve already used?

I have a nice simple one-liner to fix this issue.

Add-CT365Group -FilePath "C:\\Path\\to\\file.xlsx" -UserPrincialName "admin@domain.com" -Domain "domain.com"

That’s it.

Ok, to be fair, PowerShell wise that is all there is to it other than installing the 365AutomatedLab module from Github. After that only 3 steps needed, and well worth it. Here are the steps:

  1. Create a workbook in Excel, and have a sheet named “Groups”
  2. Add the Headers “DisplayName”, “PrimarySMTP”, “Description”, “Owner”, and “Type”
    1. DisplayName is self explanatory as this will be the Display name for the group
    2. PrimarySMTP is the email address without the @domain.com
    3. Description is self explanatory as this will be the description value for the group
    4. Owner is only a placeholder, but will be adding that soon
    5. Type will be the type of group it is – and will pull the corresponding cmdlet
      1. 365Group
      2. 365MailEnabledSecurity
      3. 365Distribution
      4. 365Security
  3. Add your Group information in the corresponding fieldsExcel worksheet example

After those are filled in, you can run the script from above pointing to where you saved that excel file, and all those groups you added to the Excel worksheet named “Groups” will be added (As long as you have the correct permissions)

It’s really that simple. I’m looking to expand the properties you can add into the groups, if there are any you’d rather see first, please let me know.

I hope you found this useful and it saves you time/headaches from having to more manually add them! As always if I can help out in anyway, please feel free to reach out!

Microsoft Documentation on Group Types

New-UnifiedGroup

New-DistributionGroup

New-MgGroup

Creating an AD Security Group

by Leave a Comment

We’ve all had to create a security group before, but why not standardize it.

First, what fields are mandatory and helpful for creating a security group? We will need these to create parameters to make sure they are always filled out.

  • Security Group Name
  • Display Name
  • Description of Group
  • Credential

Then we create the function parameters as below. If you notice the Mandatory and help message in there, these will require these parameters to be entered in before running as well as give help if someone is unsure of what needs to be entered.

#Create Security Group
#Change the OU path if necessary

[CmdletBinding()]
param (
    [Parameter(Mandatory,HelpMessage='Name of Security Group')]
    [string]$Name,

    [Parameter(Mandatory,HelpMessage='Display Name of Security Group')]
    [string]$DisplayName,

    [Parameter(HelpMessage='Description of Security Group')]
    [string]$Description,

    [Parameter(Mandatory)]
    [ValidateNotNull()]
    [System.Management.Automation.PSCredential]
    [System.Management.Automation.Credential()]
    $Credential = [System.Management.Automation.PSCredential]::Empty

)

Then we apply these parameters to our code

New-ADGroup -Name $Name -Credential $Credential -SamAccountName $Name -GroupCategory Security -GroupScope Global -DisplayName $DisplayName -Path "OU=Security Groups,DC=domain,DC=local" -Description $Description -Confirm

As you can see I’ve hard coded the default OU Path, which you can easily change, or even create a variable for it too. Also you’ll notice that I put the “-Confirm” at the end, this will ask you again if you want to create it after you attempt to run it.

And that’s it! Now you can make sure you and your team always create AD Security Groups the same way. You can add more parameters if you like, check out the New-ADGroup Help for more info.