SOLVED

Assign users security group to the desktop application group?

Copper Contributor

Hy,

 

>> The Add-RdsAppGroupUser cmdlet doesn't support adding security groups and only adds one user at a time to the app group. If you want to add multiple users to the app group, rerun the cmdlet with the appropriate user principal names. <<
-> is there any workaround for adding AD-Groups? Our customer has a lot of accounts to add.

 

Thanks,

Erik

10 Replies
best response confirmed by Christian_Montoya (Microsoft)
Solution

@eriknu : One way that a lot of folks achieve this is by polling an Azure AD group, then refreshing every morning (or couple of hours). I don't have the exact PowerShell, but basically a script that does:

 

- Get a list of all users in <AADSecurityGroup>

- Get a list of all users in <RdsAppGroup>

- Find users in <RdsAppGroup> but not <AADSecurityGroup>

   - Foreach user, remove the user from <RdsAppGroup>

- Find users in <AADSecurityGroup> but not <RdsAppGroup>

   - Foreach user, add the user to the <RdsAppGroup>

thanks for this. I would try it at the next demo deployment.

So what is the command to running this against an existing group in AAD??

@Renfordd_Douglas

 

is there a new update/enhancement for this to make things easier? maybe in WVD Management portalA?

@mr2urbo : This work is part of our integration into the Azure Portal. We do not have a specific date for preview, but targeting this Spring.

None that I am aware of at this time.

Just checking in to see if there was any update to being able to directly use security groups yet?

If this update feature or some other way to add Groups directly to Application group is available now, could someone point me to that
go to azure portal - Windows Virtual Desktop - Application group - choose your group - Assignments - Add -> Select Azure AD users or user groups
1 best response

Accepted Solutions
best response confirmed by Christian_Montoya (Microsoft)
Solution

@eriknu : One way that a lot of folks achieve this is by polling an Azure AD group, then refreshing every morning (or couple of hours). I don't have the exact PowerShell, but basically a script that does:

 

- Get a list of all users in <AADSecurityGroup>

- Get a list of all users in <RdsAppGroup>

- Find users in <RdsAppGroup> but not <AADSecurityGroup>

   - Foreach user, remove the user from <RdsAppGroup>

- Find users in <AADSecurityGroup> but not <RdsAppGroup>

   - Foreach user, add the user to the <RdsAppGroup>

View solution in original post