add ad users to a ad security group input from msol accountskuid


I am trying this command to first get the users in Azure who have a standardpack license and then add those users to an on-premise AD security group. The users which are retrieved from Azure are correct, that part works, but then adding them to the Add-ADGroupMember does not do the job. It runs, but for all users it gives a result: migrate: false.

So the script is not faulty but I am giving the wrong input or something like that?

The goal is to assign AD users automatically an Office E license based on security group in AD, then when a user leaves the company or is new it will be automatically assigned that license.

The script:

# Users in Azure AD that hold the STANDARDPACK license
$msolUsers = Get-MsolUser -All |
    Where-Object { $($_.licenses).accountskuid -eq 'company:STANDARDPACK' }

ForEach ($user in $msolUsers) {
    try {
        # Look up the matching on-premise account and add it to the group
        $ADUser = Get-ADUser -Filter {UserPrincipalName -eq $user.UserPrincipalName} -ErrorAction Stop
        Add-ADGroupMember -Identity O365-E1 -Members $ADUser -ErrorAction Stop

        [PSCustomObject]@{
            UserPrincipalName = $user.UserPrincipalName
            Migrate           = $true
        }
    }
    catch {
        # Any terminating error above ends up here and is reported as Migrate = $false
        [PSCustomObject]@{
            UserPrincipalName = $user.UserPrincipalName
            Migrate           = $false
        }
    }
}

1 Reply

@Surfer10

The parameter Members accepts a string array (comma separated values) or string text. Can you try the below line?

Add-ADGroupMember -Identity O365-E1 -Members $ADUser.UserPrincipalName
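
The following is an added example, not code from the original post or the reply: a variant of the loop that records why a row ends up as Migrate = false instead of discarding the exception. It assumes the MSOnline and ActiveDirectory modules are loaded and Connect-MsolService has already been run; the `-LDAPFilter` lookup, the `Detail` column and the `ConvertTo-LdapFilterValue` helper are choices made for this example.

```powershell
# Added example. Group name and SKU are the ones used in the post.
$groupName = 'O365-E1'
$sku       = 'company:STANDARDPACK'
$group     = Get-ADGroup -Identity $groupName -ErrorAction Stop

# Hypothetical helper: escape LDAP filter metacharacters (RFC 4515)
# so the UPN is always matched as a literal value.
function ConvertTo-LdapFilterValue([string]$Value) {
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

$msolUsers = Get-MsolUser -All |
    Where-Object { $_.Licenses.AccountSkuId -eq $sku }

$report = foreach ($user in $msolUsers) {
    $upn    = $user.UserPrincipalName
    $result = [ordered]@{ UserPrincipalName = $upn; Migrate = $false; Detail = '' }
    try {
        $filter = '(userPrincipalName={0})' -f (ConvertTo-LdapFilterValue $upn)
        # A filter that matches nothing returns no object and raises no error,
        # so test the result instead of relying on -ErrorAction Stop.
        $adUser = @(Get-ADUser -LDAPFilter $filter -Properties MemberOf -ErrorAction Stop)
        if ($adUser.Count -eq 0) {
            $result.Detail = 'No on-premise account with this UPN'
        }
        elseif ($adUser.Count -gt 1) {
            $result.Detail = 'UPN is not unique in AD'
        }
        elseif ($adUser[0].MemberOf -contains $group.DistinguishedName) {
            # MemberOf lists direct memberships only
            $result.Migrate = $true
            $result.Detail  = 'Already a member'
        }
        else {
            # Pass the AD object itself; it carries an unambiguous identity
            Add-ADGroupMember -Identity $group -Members $adUser[0] -ErrorAction Stop
            $result.Migrate = $true
            $result.Detail  = 'Added'
        }
    }
    catch {
        # Keep the exception text so a failed row explains itself
        $result.Detail = $_.Exception.Message
    }
    [PSCustomObject]$result
}
$report | Format-Table -AutoSize
```

Because membership in this group decides who receives a license, keeping `$report` (for example with `Export-Csv`) gives an audit trail of every change the run made.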