Adding/Removing a User from Groups by User Role
I have to say that this function is one of my favorites. The reason why is how many companies can use only dynamic groups for adding users to their required groups? Using this function, you can create any job role name, then add the groups that job role requires. If you need help mass created groups check out Creating Groups with Excel. It can become the source of truth for standard groups per job role so you are only updating one location. Please test on your dev tenant first, but with most of the other cmdlets in this module they can be used in production, after proper testing.
Adding a User to Groups by User Role
The quickest way to add groups to a user is to use the 365DataEnvironment Excel file in the LabSources folder. I’ll show you that now, and how to customize it for your environment.
New-CT365GroupByUserRole -FilePath "C:\\365AutomatedLab\\LabSources\\365DataEnvironment.xlsx" -UserEmail mwhite@yourdomain.onmicrosoft.com -Domain yourdomain.onmicrosoft.com -UserRole NY-IT
This one line of PowerShell will add Mary White to all the groups associated with the user role “NY-IT,” which are “IT 365 Group, IT, IT NY, Printer – NY – 1, and Printer – NY – 2.”
FilePath: Is the location of the Excel workbook
UserEmail: The full email of the user you want to add groups to
Domain: The domain of your tenant
UserRole: This be the name of the worksheet for that user role.
If you want to create your own user roles, all you have to do is create a new worksheet and label it with the user role you want. Then you will need 4 columns which will be “DisplayName, PrimarySMTP, Description, and Type.” For type, the 4 different options are “365Group, 365MailEnabledSecurity, 365Distribution, and 365Security” depending on which groups you want to add them to. See image below for the template:
You can create as many user roles as you want. I used NY-IT naming convention as an example, but you can use whichever you want, as I know there are too many variations on how companies handle this and didn’t want to do a validateset on it.
That’s it, that is how you create the different job roles then how you add those groups to a user!
Removing a User from Groups by Job Role
I have a feeling after reading how to add, you already know how to remove groups from a user.
Remove-CT365GroupByUserRole -FilePath "C:\\365AutomatedLab\\LabSources\\365DataEnvironment.xlsx" -UserEmail mwhite@yourdomain.onmicrosoft.com -Domain yourdomain.onmicrosoft.com -UserRole NY-IT
Was I right? I really try to make these as simple as possible as I know we all are busy enough, and don’t want to make your life any busier.
Summary
You made it! Now you can easily add and remove user groups by job role with an Excel workbook. I know this is in 365AutomatedLab, but once you have tested, you could use this in production as it is great for onboarding and offboarding users.
As always please feel free to reach out if you have any questions, comments, concerns on this project or any others! If you can please star the GitHub repository as it will help others see it. Have a great day!
GitHub: https://github.com/DevClate/365AutomatedLab
Part 1 – Creating Users with Excel
Part 2 – Creating Groups with Excel