Forum Discussion
Enforce naming conventions across Office 365 Groups
I ran into that too, and I think my problem was because I hadn't actually created the Group.Unified object/setting in AzureAD yet. Therefore, the error report was technically correct.
Check this to see if you have anything configured:
Get-AzureADDirectorySetting | ForEach Values
If not, create the settings AAD object:
Creating the Group.Unified Settings object (1-time task)
$template = Get-AzureADDirectorySettingTemplate | where-object {$_.displayname -eq “Group.Unified”}
$setting = $template.CreateDirectorySetting()
New-AzureADDirectorySetting -DirectorySetting $setting
After that, the 'is null' error should go away as the setting actually exists.
Re-run Get-AzureADDirectorySetting | ForEach Values and you should at least see the blank settings.
I found this site extremely helpful getting my settings configured & managing them:
https://drewmadelung.com/managing-office-365-group-using-azure-ad-powershell-v2/
HTH
MicrosoftJason it only applies to net new created groups and it does not update existing ones, please see this article for more details, please note it's a "Public Preview": https://support.office.com/en-us/article/office-365-groups-naming-policy-6ceca4d3-cad1-4532-9f0f-d469dfbbb552?ui=en-US&rs=en-US&ad=US
I'm trying to create a new policy with the command
Set-AzureADDirectorySetting -Id group-policy -DirectorySetting “[Company]-"
I'm getting an error
Set-AzureADDirectorySetting : Cannot bind parameter 'DirectorySetting'. Cannot convert the "[Company]-" value of type "System.String" to type "Microsoft.Open.MSGraph.Model.DirectorySetting".
Any ideas?
- cfiessinger
Correct syntax for an existing policy:
$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id
$Setting["CustomBlockedWordsList"]=“contoso,payroll,ceo,cfo,hr,sales,marketing,info,admin,null,vulgar,ass,shit,zut,merde"
$Setting["PrefixSuffixNamingRequirement"]=“G_[GroupName]_[Department]"Set-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id -DirectorySetting $Setting
Kindly suggest what is wrong happening here, Tried everything in Directory Parameter.
PS C:\WINDOWS\system32> Get-AzureADGroup -SearchString "AllowedtocreateO365Groups"
ObjectId DisplayName Description
-------- ----------- -----------
ad5ceeae-033f-46e8-99dd-fbc570bbc0e8 AllowedtocreateO365Groups
PS C:\WINDOWS\system32> Get-AzureADGroup -SearchString "AllowedtocreateO365Groups"ObjectId DisplayName Description
-------- ----------- -----------
ad5ceeae-033f-46e8-99dd-fbc570bbc0e8 AllowedtocreateO365Groups
PS C:\WINDOWS\system32> $Template = Get-AzureADDirectorySettingTemplate | where {$_.DisplayName -eq 'Group.Unified'}
PS C:\WINDOWS\system32> $Setting = $Template.CreateDirectorySetting()
PS C:\WINDOWS\system32> New-AzureADDirectorySetting -DirectorySetting $Setting
New-AzureADDirectorySetting : Error occurred while executing NewDirectorySetting
StatusCode: BadRequest
ErrorCode: Request_BadRequest
Message: A conflicting object with one or more of the specified property values is present in the directory.
At line:1 char:1
+ New-AzureADDirectorySetting -DirectorySetting $Setting
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-AzureADDirectorySetting], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.MSGraphBeta.Client.ApiException,Microsoft.Open.MSGraphBeta.PowerShell.NewDirectorySettingPS C:\WINDOWS\system32> Get-AzureADDirectorySetting
Id DisplayName TemplateId Values
-- ----------- ---------- ------
0dd206ca-7d7d-4649-bb2e-ca8246f11a3e Group.Unified 62375ab9-6b52-47ed-826b-58e47e0e304b {class SettingValue {...
PS C:\WINDOWS\system32> $Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id
Get-AzureADDirectorySetting : A parameter cannot be found that matches parameter name 'Id'.
At line:1 char:40
+ $Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetti ...
+ ~~~
+ CategoryInfo : InvalidArgument: (:) [Get-AzureADDirectorySetting], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.Open.MSGraphBeta.PowerShell.GetDirectorySettingPS C:\WINDOWS\system32> $Setting = Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ
PS C:\WINDOWS\system32> $Setting["EnableGroupCreation"] = $False
PS C:\WINDOWS\system32> $Setting["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString "AllowedtocreateO365Groups").objectid
PS C:\WINDOWS\system32> Set-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ -DirectorySetting $Settingcmdlet Set-AzureADDirectorySetting at command pipeline position 1
Supply values for the following parameters:
DirectorySetting: AllowedtocreateO365Groups
Set-AzureADDirectorySetting : Cannot bind parameter 'DirectorySetting'. Cannot convert the "AllowedtocreateO365Groups" value of type "System.String" to type "Microsoft.Open.MSGraph.Model.DirectorySetting".
At line:1 char:1
+ Set-AzureADDirectorySetting | where -Property DisplayName -Value "Gr ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Set-AzureADDirectorySetting], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.Open.MSGraphBeta.PowerShell.SetDirectorySettingPS C:\WINDOWS\system32> $setting
Id DisplayName TemplateId Values
-- ----------- ---------- ------
0dd206ca-7d7d-4649-bb2e-ca8246f11a3e Group.Unified 62375ab9-6b52-47ed-826b-58e47e0e304b {class SettingValue {...
PS C:\WINDOWS\system32> (Get-AzureADDirectorySetting).valuesName Value
---- -----
CustomBlockedWordsList
EnableMSStandardBlockedWords False
ClassificationDescriptions
DefaultClassification
PrefixSuffixNamingRequirement
AllowGuestsToBeGroupOwner False
AllowGuestsToAccessGroups True
GuestUsageGuidelinesUrl
GroupCreationAllowedGroupId
AllowToAddGuests True
UsageGuidelinesUrl
ClassificationList
EnableGroupCreation True
PS C:\WINDOWS\system32>- cfiessinger
Lots of errors in your multiple cmdlets, please follow the step by step from this article: https://support.office.com/en-us/article/Manage-who-can-create-Office-365-Groups-4c46c8cb-17d0-44b5-9776-005fced8e618
Is [Company] actually one of the available options? Maybe it's 'companyname', or something else? I haven't started playing with the AAD components yet, but that's a guess. I'd like to see a list of accepted attributes if one exists.
There's a list on this post
https://docs.microsoft.com/en-us/azure/active-directory/groups-naming-policy
User attributes
You can use attributes that can help you and your users identify which department, office or geographic region for which the group was created. For example, if you define your naming policy as
PrefixSuffixNamingRequirement = “GRP [GroupName] [Department]”, andUser’s department = Engineering, then an enforced group name might be “GRP My Group Engineering." Supported Azure AD attributes are [Department], [Company], [Office], [StateOrProvince], [CountryOrRegion], [Title]. Unsupported user attributes are treated as fixed strings; for example, “[postalCode]”. Extension attributes and custom attributes aren't supported.- cfiessinger
Here is an example in addition to the documentation, note the policy does not apply when you are logged in as an administrator so you will need to test with a 'regular" end user + see this as well: https://support.office.com/en-us/article/office-365-groups-naming-policy-6ceca4d3-cad1-4532-9f0f-d469dfbbb552?ui=en-US&rs=en-US&ad=US
$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id
$Setting["CustomBlockedWordsList"]=“contoso,payroll,ceo,cfo,hr,sales,marketing,info,admin,null,vulgar,ass,shit,zut,merde"
$Setting["PrefixSuffixNamingRequirement"]=“G_[GroupName]_[Department]"Set-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id -DirectorySetting $Setting
