Assign user automatically to group in Office 365

Copper Contributor

Hello, I

want to automatically assign a user, from its creation, to Office 365 groups and Microsoft teams. How can I do it?

10 Replies
Hi!

Dynamic Group Membership

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-create-rule

If the Team is linked to the Group the user will be automatically added upon creation assuming the user has the right attribute.

Hope that answers your question.

Best, Chris

@Christopher Hoard 

 

First, I can't see " Dynamic user member" case when i create a new group

 

Second, I would affect new user to already exist group

Hi @youssefch

As per article you would do this in Azure AD, not the 365 control panel

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-create-rule

You would need Azure AD P1 licencing to do it

https://docs.microsoft.com/en-us/azure/active-directory/b2b/use-dynamic-groups

You would need to review the existing groups before amending the attributes of users and applying this solution.

However, AFAIK this is the easiest solution which will automatically assign a new user to an Office 365 group/Team upon creation as was the original question

Hope that clarifies!

Best, Chris

Thank You Sir for this responce 

 

WIth powershell, it is possible ? or i should be upgrade my azure active directory to premium ?

You could absolutely look to script it with Powershell in terms of creating users, adding to specific 365 groups and specific Teams. You would set this information in the script. If you are ok with amending that script when new users are added (setting the groups, teams) then of course, this is a no cost option. However, if you want Azure AD to automatically assign the user to 365 groups and associated Teams to those groups based on an attribute (I.e. location, department) then Azure AD P1 and Dynamic groups is the way to go.

Hope that helps you reach a decision

Best, Chris

 

 

Thank You SIR :D @Christopher Hoard

 

another question please , how i can get a script to create office 365 user using powershell ; have you one script ?

I don't have a script but here are the links to the Powershell Commands -

Add user to Office 365
https://docs.microsoft.com/en-gb/office365/enterprise/powershell/create-user-accounts-with-office-36...

Add users to Office 365 Group
https://lazyadmin.nl/it/manage-office-365-groups-members-owners-powershell/

If the Team is linked to the Group then they should be added. If you have the Teams Powershell module (https://www.powershellgallery.com/packages/MicrosoftTeams/0.9.0) installed you could just add the user to the Team which will add them to the Office 365 Group

https://docs.microsoft.com/en-us/powershell/module/teams/add-teamuser?view=teams-ps

Hope that answers your question! Best of luck!

Best, Chris

@Christopher Hoard The real issues with Dynamic groups is that a user cannot see the members by expanding the distribution list. That option isn't available. We were forced to convert all groups to non-dynamic groups because of this limitation. Basically, each and every user has unique properties (might be a member of 3 main groups, then pick and choose what groups afterwards based on need). The process for replicating group membership via the GUI is very slow and extremely inefficient. More than 5 clicks to add a person to one single group. This time adds up for expanding companies. Microsoft's web GUI is very slow as well, compounding the problem. It would be great if there would be a group picker at account creation without having to script everything. Powershell is complex and haphazard.

Hi @jimbarrgpboston

I agree with the limitations - may be ones to raise to https://office365.uservoice.com/ I would vote on them

Best, Chris

@Christopher Hoard 

WARNING: Using Dynamic Groups does not exclude guest users by default. This means they may be automatically added to a group to which they shouldn't have access to!