SOLVED

Assign users security group to the desktop application group?

%3CLINGO-SUB%20id%3D%22lingo-sub-912395%22%20slang%3D%22en-US%22%3EAssign%20users%20security%20group%20to%20the%20desktop%20application%20group%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-912395%22%20slang%3D%22en-US%22%3E%3CP%3EHy%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26gt%3B%26gt%3B%20The%20Add-RdsAppGroupUser%20cmdlet%20doesn't%20support%20adding%20security%20groups%20and%20only%20adds%20one%20user%20at%20a%20time%20to%20the%20app%20group.%20If%20you%20want%20to%20add%20multiple%20users%20to%20the%20app%20group%2C%20rerun%20the%20cmdlet%20with%20the%20appropriate%20user%20principal%20names.%20%26lt%3B%26lt%3B%3CBR%20%2F%3E-%26gt%3B%20is%20there%20any%20workaround%20for%20adding%20AD-Groups%3F%20Our%20customer%20has%20a%20lot%20of%20accounts%20to%20add.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3EErik%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-955973%22%20slang%3D%22en-US%22%3ERe%3A%20Assign%20users%20security%20group%20to%20the%20desktop%20application%20group%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-955973%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F310439%22%20target%3D%22_blank%22%3E%40eriknu%3C%2FA%3E%26nbsp%3B%3A%20One%20way%20that%20a%20lot%20of%20folks%20achieve%20this%20is%20by%20polling%20an%20Azure%20AD%20group%2C%20then%20refreshing%20every%20morning%20(or%20couple%20of%20hours).%20I%20don't%20have%20the%20exact%20PowerShell%2C%20but%20basically%20a%20script%20that%20does%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E-%20Get%20a%20list%20of%20all%20users%20in%20%3CAADSECURITYGROUP%3E%3C%2FAADSECURITYGROUP%3E%3C%2FP%3E%0A%3CP%3E-%20Get%20a%20list%20of%20all%20users%20in%20%3CRDSAPPGROUP%3E%3C%2FRDSAPPGROUP%3E%3C%2FP%3E%0A%3CP%3E-%20Find%20users%20in%20%3CRDSAPPGROUP%3E%20but%20not%20%3CAADSECURITYGROUP%3E%3C%2FAADSECURITYGROUP%3E%3C%2FRDSAPPGROUP%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%20%26nbsp%3B-%20Foreach%20user%2C%20remove%20the%20user%20from%20%3CRDSAPPGROUP%3E%3C%2FRDSAPPGROUP%3E%3C%2FP%3E%0A%3CP%3E-%20Find%20users%20in%20%3CAADSECURITYGROUP%3E%20but%20not%20%3CRDSAPPGROUP%3E%3C%2FRDSAPPGROUP%3E%3C%2FAADSECURITYGROUP%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%20%26nbsp%3B-%20Foreach%20user%2C%20add%20the%20user%20to%20the%20%3CRDSAPPGROUP%3E%3C%2FRDSAPPGROUP%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1020103%22%20slang%3D%22en-US%22%3ERe%3A%20Assign%20users%20security%20group%20to%20the%20desktop%20application%20group%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1020103%22%20slang%3D%22en-US%22%3Ethanks%20for%20this.%20I%20would%20try%20it%20at%20the%20next%20demo%20deployment.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1065789%22%20slang%3D%22en-US%22%3ERe%3A%20Assign%20users%20security%20group%20to%20the%20desktop%20application%20group%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1065789%22%20slang%3D%22en-US%22%3E%3CP%3ESo%20what%20is%20the%20command%20to%20running%20this%20against%20an%20existing%20group%20in%20AAD%3F%3F%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F332306%22%20target%3D%22_blank%22%3E%40Renfordd_Douglas%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1113139%22%20slang%3D%22en-US%22%3ERe%3A%20Assign%20users%20security%20group%20to%20the%20desktop%20application%20group%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1113139%22%20slang%3D%22en-US%22%3E%3CP%3Eis%20there%20a%20new%20update%2Fenhancement%20for%20this%20to%20make%20things%20easier%3F%20maybe%20in%20WVD%20Management%20portalA%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1113146%22%20slang%3D%22en-US%22%3ERe%3A%20Assign%20users%20security%20group%20to%20the%20desktop%20application%20group%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1113146%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F476588%22%20target%3D%22_blank%22%3E%40mr2urbo%3C%2FA%3E%26nbsp%3B%3A%20This%20work%20is%20part%20of%20our%20integration%20into%20the%20Azure%20Portal.%20We%20do%20not%20have%20a%20specific%20date%20for%20preview%2C%20but%20targeting%20this%20Spring.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1113475%22%20slang%3D%22en-US%22%3ERe%3A%20Assign%20users%20security%20group%20to%20the%20desktop%20application%20group%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1113475%22%20slang%3D%22en-US%22%3ENone%20that%20I%20am%20aware%20of%20at%20this%20time.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1412936%22%20slang%3D%22en-US%22%3ERe%3A%20Assign%20users%20security%20group%20to%20the%20desktop%20application%20group%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1412936%22%20slang%3D%22en-US%22%3E%3CP%3EJust%20checking%20in%20to%20see%20if%20there%20was%20any%20update%20to%20being%20able%20to%20directly%20use%20security%20groups%20yet%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hy,

 

>> The Add-RdsAppGroupUser cmdlet doesn't support adding security groups and only adds one user at a time to the app group. If you want to add multiple users to the app group, rerun the cmdlet with the appropriate user principal names. <<
-> is there any workaround for adding AD-Groups? Our customer has a lot of accounts to add.

 

Thanks,

Erik

8 Replies
Highlighted
Solution

@eriknu : One way that a lot of folks achieve this is by polling an Azure AD group, then refreshing every morning (or couple of hours). I don't have the exact PowerShell, but basically a script that does:

 

- Get a list of all users in <AADSecurityGroup>

- Get a list of all users in <RdsAppGroup>

- Find users in <RdsAppGroup> but not <AADSecurityGroup>

   - Foreach user, remove the user from <RdsAppGroup>

- Find users in <AADSecurityGroup> but not <RdsAppGroup>

   - Foreach user, add the user to the <RdsAppGroup>

Highlighted
thanks for this. I would try it at the next demo deployment.
Highlighted

So what is the command to running this against an existing group in AAD??

@Renfordd_Douglas

 

Highlighted

is there a new update/enhancement for this to make things easier? maybe in WVD Management portalA?

Highlighted

@mr2urbo : This work is part of our integration into the Azure Portal. We do not have a specific date for preview, but targeting this Spring.

None that I am aware of at this time.
Highlighted

Just checking in to see if there was any update to being able to directly use security groups yet?