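azure-powershell - Add-AzureADUser PowerShell
Problem description
I'm having trouble getting my loop to grab each member's ObjectID and then use the Add-AzureADGroupMember cmdlet to add those members to an AD group. Any help would be great. Thanks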
Import-Module MSOnline
Import-Module AzureAD
#2Checks for users with admin roles
$RolesCollection = @()
$Roles = Get-MsolRole
ForEach ($Role In $Roles){
    $Members = Get-MsolRoleMember -RoleObjectId $Role.ObjectId
    ForEach ($Member In $Members) {
        $data = New-Object PSObject -Property @{
            RoleName = $Role.Name
            MemberName = $Member.DisplayName
            MemberObjectID = $Member.ObjectId
        }
        $RolesCollection += $data
    }
    #Adds users with admin roles into PIM group via member object ID
    forEach ($objectID in $RolesCollection){
        Add-AzureADGroupMember -ObjectId 'removed ObjectID for security concerns' -RefObjectId $($Member.ObjectId)
    }
}
Solution
Please refer to my code below:
$RolesCollection = @()
$Roles = Get-MsolRole
ForEach ($Role In $Roles){
    $Members = Get-MsolRoleMember -RoleObjectId $Role.ObjectId
    ForEach ($Member In $Members) {
        $data = New-Object PSObject -Property @{
            RoleName = $Role.Name
            MemberName = $Member.DisplayName
            MemberObjectID = $Member.ObjectId
        }
        $RolesCollection += $data
    }
    #Adds users with admin roles into PIM group via member object ID
    forEach ($user in $RolesCollection){
        #check if the user exists in the AAD Group, if not, add into it.
        #-All $true returns every member; without it only the first page of results comes back.
        $groupMemberIds = Get-AzureADGroupMember -ObjectId 'removed ObjectID for security concerns' -All $true | Select-Object -ExpandProperty ObjectId
        #compare ObjectId against ObjectId; comparing against the whole $user object never matches
        If ($groupMemberIds -contains $user.MemberObjectID) {
            continue
        } Else {
            Add-AzureADGroupMember -ObjectId 'removed ObjectID for security concerns' -RefObjectId $($user.MemberObjectID)
        }
    }
}
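A variant of the approach in the answer above, as an added example that is not the answerer's code: it reads the group membership once, collapses users who hold several admin roles into one entry, and only then calls Add-AzureADGroupMember for the IDs that are missing. The function name Get-MissingGroupMemberId, the variable $GroupObjectId and the sample GUIDs are assumptions made for this example.

```powershell
# Added example. Get-MissingGroupMemberId is a hypothetical helper, not part of
# the MSOnline or AzureAD modules.
function Get-MissingGroupMemberId {
    param(
        [object[]] $RoleMembers,       # objects carrying a MemberObjectID property
        [string[]] $CurrentMemberIds   # ObjectIds already present in the group
    )
    # GUID strings are compared case-insensitively.
    $seen = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($id in $CurrentMemberIds) { [void]$seen.Add($id) }

    foreach ($m in $RoleMembers) {
        # Get-MsolRoleMember returns a Guid, Get-AzureADGroupMember a string.
        $id = [string]$m.MemberObjectID
        # HashSet.Add returns $false for an ID already seen, so a user who is
        # already in the group, or who holds several roles, is emitted at most once.
        if ($id -and $seen.Add($id)) { $id }
    }
}

# Constructed sample data: one user holds two roles, one is already in the group.
$sampleRoleMembers = @(
    [pscustomobject]@{ RoleName = 'Role A'; MemberObjectID = [guid]'11111111-1111-1111-1111-111111111111' }
    [pscustomobject]@{ RoleName = 'Role B'; MemberObjectID = [guid]'11111111-1111-1111-1111-111111111111' }
    [pscustomobject]@{ RoleName = 'Role A'; MemberObjectID = [guid]'22222222-2222-2222-2222-222222222222' }
    [pscustomobject]@{ RoleName = 'Role C'; MemberObjectID = [guid]'33333333-3333-3333-3333-333333333333' }
)
$sampleGroupIds = @('22222222-2222-2222-2222-222222222222')
Get-MissingGroupMemberId -RoleMembers $sampleRoleMembers -CurrentMemberIds $sampleGroupIds

# Against a tenant: assumes Connect-MsolService and Connect-AzureAD have been run,
# $RolesCollection was built as in the answer, and $GroupObjectId (a name chosen
# for this example) holds the target group's ObjectId. Skipped when it is not set.
if ($GroupObjectId) {
    $current = Get-AzureADGroupMember -ObjectId $GroupObjectId -All $true |
        Select-Object -ExpandProperty ObjectId
    Get-MissingGroupMemberId -RoleMembers $RolesCollection -CurrentMemberIds $current |
        ForEach-Object {
            Add-AzureADGroupMember -ObjectId $GroupObjectId -RefObjectId $_
        }
}
```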