Mar 05 2018 10:38 AM
Now that we can enforce naming standards in Azure AD vs exchange, has anyone tried yet?
Does it update existing groups like exchange did?
thanks,jb
Mar 05 2018 01:36 PM
Jason it only applies to net new created groups and it does not update existing ones, please see this article for more details, please note it's a "Public Preview": https://support.office.com/en-us/article/office-365-groups-naming-policy-6ceca4d3-cad1-4532-9f0f-d46...
Mar 12 2018 06:46 AM
I'm trying to create a new policy with the command
Set-AzureADDirectorySetting -Id group-policy -DirectorySetting “[Company]-"
I'm getting an error
Set-AzureADDirectorySetting : Cannot bind parameter 'DirectorySetting'. Cannot convert the "[Company]-" value of type "System.String" to type "Microsoft.Open.MSGraph.Model.DirectorySetting".
Any ideas?
Mar 12 2018 09:38 AM
I had a lot of success configuring and using the Groups AAD settings last week, with one exception: Naming Policy. Below is the output from the Groups Settings I have in place.
I cannot get the "O365Grp-[GroupName]" prefix to be generated on any new groups. Based on the research I did, the brackets serve to insert the actual group name, and it's just not happening. When I created the 'PrefixSuffixNamingRequirement' setting, I didn't get an error. I've also changed it around a bit, to include/exclude the [GroupName] component but nothing made any difference.
Any suggestions are appreciated.
Thx
Any suggestions?
Mar 12 2018 09:41 AM
Is [Company] actually one of the available options? Maybe it's 'companyname', or something else? I haven't started playing with the AAD components yet, but that's a guess. I'd like to see a list of accepted attributes if one exists.
Mar 12 2018 09:48 AM
There's a list on this post
https://docs.microsoft.com/en-us/azure/active-directory/groups-naming-policy
You can use attributes that can help you and your users identify which department, office or geographic region for which the group was created. For example, if you define your naming policy as PrefixSuffixNamingRequirement = “GRP [GroupName] [Department]”
, and User’s department = Engineering
, then an enforced group name might be “GRP My Group Engineering." Supported Azure AD attributes are [Department], [Company], [Office], [StateOrProvince], [CountryOrRegion], [Title]. Unsupported user attributes are treated as fixed strings; for example, “[postalCode]”. Extension attributes and custom attributes aren't supported.
Mar 12 2018 11:02 AM
Here is an example in addition to the documentation, note the policy does not apply when you are logged in as an administrator so you will need to test with a 'regular" end user + see this as well: https://support.office.com/en-us/article/office-365-groups-naming-policy-6ceca4d3-cad1-4532-9f0f-d46...
$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id
$Setting["CustomBlockedWordsList"]=“contoso,payroll,ceo,cfo,hr,sales,marketing,info,admin,null,vulgar,ass,shit,zut,merde"
$Setting["PrefixSuffixNamingRequirement"]=“G_[GroupName]_[Department]"
Set-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id -DirectorySetting $Setting
Mar 12 2018 11:10 AM
Get-AzureADDirectorySetting
returns nothing, so when I try to run
Get-AzureADDirectorySetting : Cannot bind argument to parameter 'Id' because it is null.
At line:1 char:44
+ ... Setting -Id (Get-AzureADDirectorySetting | where -Property DisplayNam ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Get-AzureADDirectorySetting], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.Open.MSGraphBeta.PowerShell.GetDirectorySetting
Cannot index into a null array.
At line:3 char:1
+ $Setting["PrefixSuffixNamingRequirement"] = “[Company]-[GroupName]"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : NullArray
Set-AzureADDirectorySetting : Cannot bind argument to parameter 'Id' because it is null.
At line:4 char:33
+ ... Setting -Id (Get-AzureADDirectorySetting | where -Property DisplayNam ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Set-AzureADDirectorySetting], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.Open.MSGraphBeta.PowerShell.SetDirectorySetting
Mar 12 2018 12:41 PM
SolutionI ran into that too, and I think my problem was because I hadn't actually created the Group.Unified object/setting in AzureAD yet. Therefore, the error report was technically correct.
Check this to see if you have anything configured:
Get-AzureADDirectorySetting | ForEach Values
If not, create the settings AAD object:
Creating the Group.Unified Settings object (1-time task)
$template = Get-AzureADDirectorySettingTemplate | where-object {$_.displayname -eq “Group.Unified”}
$setting = $template.CreateDirectorySetting()
New-AzureADDirectorySetting -DirectorySetting $setting
After that, the 'is null' error should go away as the setting actually exists.
Re-run Get-AzureADDirectorySetting | ForEach Values and you should at least see the blank settings.
I found this site extremely helpful getting my settings configured & managing them:
https://drewmadelung.com/managing-office-365-group-using-azure-ad-powershell-v2/
HTH
Mar 12 2018 01:25 PM
Mar 13 2018 06:42 AM
Correct syntax for an existing policy:
$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id
$Setting["CustomBlockedWordsList"]=“contoso,payroll,ceo,cfo,hr,sales,marketing,info,admin,null,vulgar,ass,shit,zut,merde"
$Setting["PrefixSuffixNamingRequirement"]=“G_[GroupName]_[Department]"
Set-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id -DirectorySetting $Setting
Apr 28 2018 10:04 AM
Jul 11 2018 09:52 PM - edited Jul 11 2018 10:45 PM
Kindly suggest what is wrong happening here, Tried everything in Directory Parameter.
PS C:\WINDOWS\system32> Get-AzureADGroup -SearchString "AllowedtocreateO365Groups"
ObjectId DisplayName Description
-------- ----------- -----------
ad5ceeae-033f-46e8-99dd-fbc570bbc0e8 AllowedtocreateO365Groups
PS C:\WINDOWS\system32> Get-AzureADGroup -SearchString "AllowedtocreateO365Groups"
ObjectId DisplayName Description
-------- ----------- -----------
ad5ceeae-033f-46e8-99dd-fbc570bbc0e8 AllowedtocreateO365Groups
PS C:\WINDOWS\system32> $Template = Get-AzureADDirectorySettingTemplate | where {$_.DisplayName -eq 'Group.Unified'}
PS C:\WINDOWS\system32> $Setting = $Template.CreateDirectorySetting()
PS C:\WINDOWS\system32> New-AzureADDirectorySetting -DirectorySetting $Setting
New-AzureADDirectorySetting : Error occurred while executing NewDirectorySetting
StatusCode: BadRequest
ErrorCode: Request_BadRequest
Message: A conflicting object with one or more of the specified property values is present in the directory.
At line:1 char:1
+ New-AzureADDirectorySetting -DirectorySetting $Setting
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-AzureADDirectorySetting], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.MSGraphBeta.Client.ApiException,Microsoft.Open.MSGraphBeta.PowerShell.NewDirectorySetting
PS C:\WINDOWS\system32> Get-AzureADDirectorySetting
Id DisplayName TemplateId Values
-- ----------- ---------- ------
0dd206ca-7d7d-4649-bb2e-ca8246f11a3e Group.Unified 62375ab9-6b52-47ed-826b-58e47e0e304b {class SettingValue {...
PS C:\WINDOWS\system32> $Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id
Get-AzureADDirectorySetting : A parameter cannot be found that matches parameter name 'Id'.
At line:1 char:40
+ $Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetti ...
+ ~~~
+ CategoryInfo : InvalidArgument: (:) [Get-AzureADDirectorySetting], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.Open.MSGraphBeta.PowerShell.GetDirectorySetting
PS C:\WINDOWS\system32> $Setting = Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ
PS C:\WINDOWS\system32> $Setting["EnableGroupCreation"] = $False
PS C:\WINDOWS\system32> $Setting["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString "AllowedtocreateO365Groups").objectid
PS C:\WINDOWS\system32> Set-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ -DirectorySetting $Setting
cmdlet Set-AzureADDirectorySetting at command pipeline position 1
Supply values for the following parameters:
DirectorySetting: AllowedtocreateO365Groups
Set-AzureADDirectorySetting : Cannot bind parameter 'DirectorySetting'. Cannot convert the "AllowedtocreateO365Groups" value of type "System.String" to type "Microsoft.Open.MSGraph.Model.DirectorySetting".
At line:1 char:1
+ Set-AzureADDirectorySetting | where -Property DisplayName -Value "Gr ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Set-AzureADDirectorySetting], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.Open.MSGraphBeta.PowerShell.SetDirectorySetting
PS C:\WINDOWS\system32> $setting
Id DisplayName TemplateId Values
-- ----------- ---------- ------
0dd206ca-7d7d-4649-bb2e-ca8246f11a3e Group.Unified 62375ab9-6b52-47ed-826b-58e47e0e304b {class SettingValue {...
PS C:\WINDOWS\system32> (Get-AzureADDirectorySetting).values
Name Value
---- -----
CustomBlockedWordsList
EnableMSStandardBlockedWords False
ClassificationDescriptions
DefaultClassification
PrefixSuffixNamingRequirement
AllowGuestsToBeGroupOwner False
AllowGuestsToAccessGroups True
GuestUsageGuidelinesUrl
GroupCreationAllowedGroupId
AllowToAddGuests True
UsageGuidelinesUrl
ClassificationList
EnableGroupCreation True
PS C:\WINDOWS\system32>
Jul 12 2018 08:54 AM
Lots of errors in your multiple cmdlets, please follow the step by step from this article: https://support.office.com/en-us/article/Manage-who-can-create-Office-365-Groups-4c46c8cb-17d0-44b5-...
Jul 12 2018 03:53 PM - edited Jul 12 2018 06:00 PM
Hello Sir,
I generated those error in my question to show you. And I am following the same article.
-----------------------------------------------------------------------
New-AzureADDirectorySetting -DirectorySetting $Setting - Here is an error in the original post and it is expected as per the article.
----------------------------------------------------------------------
$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id
Get-AzureADDirectorySetting : A parameter cannot be found that matches parameter name 'Id'
- According to error, I did a little different but same task.
$Setting = Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ
So I have proceeded further.
----------------------------------------------------------------------------------------
on Last step, I am struggling
Set-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ -DirectorySetting $Setting
It is not recognizing $settings parameter...tried different values.
----------------------------------------------------
And in My original post, you can see I have posted in last $setting parameter value as to eliminate the doubt of null value.
-----------------------------------------------------
May I request you to provide your comment on this? It would be grateful.
Jul 12 2018 07:26 PM
Thank you sir for your response. It worked by this. And I am cursing myself why didn't i try tab before.
Set-AzureADDirectorySetting -ObjectId $settings.Id -DirectorySetting $settings
-objectID instead of -id
Have a great day.
Aug 06 2019 06:31 AM
Thanks a lot! This was essential in order to get Move-StaffHubTeam to work! The documentation is, to put it mildly, incomplete and misleading...
Mar 12 2018 12:41 PM
SolutionI ran into that too, and I think my problem was because I hadn't actually created the Group.Unified object/setting in AzureAD yet. Therefore, the error report was technically correct.
Check this to see if you have anything configured:
Get-AzureADDirectorySetting | ForEach Values
If not, create the settings AAD object:
Creating the Group.Unified Settings object (1-time task)
$template = Get-AzureADDirectorySettingTemplate | where-object {$_.displayname -eq “Group.Unified”}
$setting = $template.CreateDirectorySetting()
New-AzureADDirectorySetting -DirectorySetting $setting
After that, the 'is null' error should go away as the setting actually exists.
Re-run Get-AzureADDirectorySetting | ForEach Values and you should at least see the blank settings.
I found this site extremely helpful getting my settings configured & managing them:
https://drewmadelung.com/managing-office-365-group-using-azure-ad-powershell-v2/
HTH