Help with assigning licenses to AAD users within an AAD group

Welcome Forums General PowerShell Q&A Help with assigning licenses to AAD users within an AAD group

Viewing 10 reply threads
  • Author
    Posts
    • #227968
      Participant
      Topics: 8
      Replies: 21
      Points: 129
      Rank: Participant

      Hi everyone,

      This will be part of a larger thing I scale out but for now, trying to get the following to work. I have an Azure AD group…….

      $azbn = Get-AzureADGroupMember -ObjectId 45e79d49-f4ab-4398-a817-4fac1af21810
      I want to assign licenses to each of the members in this group. I have done the following and this works when I do it with an individual Azure AD user. Specifically the EMS license.
      $E3License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
      $EMSLicense = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
      $E3License.SkuId = “6fd2c87f-b296-42f0-b197-1e91e994b900”
      $EMSLicense.SkuId = “efccb6f7-5641-4e0e-bd10-b4976e1bf68e”
      $LicensestoAssign = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
      $LicensestoAssign.AddLicenses = $EMSLicense
      #Assign License to user
      Set-AzureADUserLicense -ObjectId $User.ObjectId -AssignedLicenses $LicensestoAssign

      When I try to do this for the group members, I get this…..

      PS C:\Users\nelso\OneDrive\Powershell> $azbn | ForEach-Object {Set-AzureADUserLicense -ObjectId $azbn.ObjectId -AssignedLicenses $LicensestoAssign}

      Set-AzureADUserLicense : Cannot bind argument to parameter ‘ObjectId’ because it is null.
      At line:1 char:58
      + … rEach-Object {Set-AzureADUserLicense -ObjectId $azbn.ObjectId -Assig …
      + ~~~~~~~~~~~~~~
      + CategoryInfo : InvalidData: (:) [Set-AzureADUserLicense], ParameterBindingValidationException
      + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.Open.AzureAD16.PowerShell.SetUserLicenses

      Anyone who can assist with a way to make this work, I’d greatly appreciate it.

      Thanks in advance.

      Nelson

    • #227971
      Participant
      Topics: 3
      Replies: 340
      Points: 1,120
      Helping Hand
      Rank: Community Hero

      Well first, I don’t see where you populated your $user variable. Second, when you use foreach-object,the automatic variable is $_, $azbn is assumed to be a collection of users. Seems you just need to adjust your foreach loop.

      $azbn = Get-AzureADGroupMember -ObjectId 45e79d49-f4ab-4398-a817-4fac1af21810
      
      $E3License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
      $EMSLicense = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
      $E3License.SkuId = “6fd2c87f-b296-42f0-b197-1e91e994b900”
      $EMSLicense.SkuId = “efccb6f7-5641-4e0e-bd10-b4976e1bf68e”
      $LicensestoAssign = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
      $LicensestoAssign.AddLicenses = $EMSLicense
      
      #Assign License to user
      foreach($user in $azbn){
          Set-AzureADUserLicense -ObjectId $user.ObjectId -AssignedLicenses $LicensestoAssign
      }
      

      Or

      $azbn = Get-AzureADGroupMember -ObjectId 45e79d49-f4ab-4398-a817-4fac1af21810
      
      $E3License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
      $EMSLicense = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
      $E3License.SkuId = “6fd2c87f-b296-42f0-b197-1e91e994b900”
      $EMSLicense.SkuId = “efccb6f7-5641-4e0e-bd10-b4976e1bf68e”
      $LicensestoAssign = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
      $LicensestoAssign.AddLicenses = $EMSLicense
      
      #Assign License to user
      $azbn | foreach-object {
          Set-AzureADUserLicense -ObjectId $_.ObjectId -AssignedLicenses $LicensestoAssign
      }
      
    • #227974
      Participant
      Topics: 8
      Replies: 21
      Points: 129
      Rank: Participant

      Thanks for the reply. Yeah, I left out the user variable since I know that worked.

      Just tried both of your changes and I get the same error about -ObjectId being null. I had tried the first way before but same. Frustrating thing is it’s not null based on doing this….

      PS C:\Users\nelso\OneDrive\Powershell> Get-AzureADGroupMember -ObjectId 45e79d49-f4ab-4398-a817-4fac1af21810 | Select ObjectId

      ObjectId
      ——–
      90ebe360-5f28-4d49-bf97-5cff0383bc33
      c767a7d6-d989-461d-91f7-23d8102bc30d
      1ba3132f-1263-4adc-a1b0-5c40a9af84bb
      f0f3bd33-35da-458c-8346-28e789c7696a
      ccc44d6b-6bd4-42cf-947f-e04f0d0cffed
      b35d45ba-e330-40d3-aca3-c1fb7744062e
      b723ebf0-3f03-4f7e-99a9-dfa717336d1e
      fd3405c8-4349-476a-a4e6-4973301f2ed5
      d5e1ed38-3fa5-49c4-abaa-dfcb59b20776
      d44d6dc5-2ede-41a0-95ed-6c23ca75fee3
      327d1cd8-ae0d-411c-86ac-5fb04259d85f
      c33ecbf6-5c18-49f2-85b4-236aad4a79b2
      c4a383ab-3a26-4a80-8d64-9746f19574d8
      6ff0d189-bedd-4b5d-871a-e83c3246b9a7
      1bf9ac5a-337d-4400-9323-f686ea6b0491
      7cfc14b2-5b0b-4435-a72e-30904335740b
      9824721c-4b2e-4ac5-acdd-aaead2fe7d27
      b5eeac7b-0214-4458-90e6-bd89b894ebad
      703c7699-9ad2-4d34-a765-3f2b0888edda

       

      Anyhow, here’s the error.

      PS C:\Users\nelso\OneDrive\Powershell> foreach($user in $azbn){
      >> Set-AzureADUserLicense -ObjectId $user.ObjectId -AssignedLicenses $LicensestoAssign
      >> }

      Set-AzureADUserLicense : Cannot bind argument to parameter ‘ObjectId’ because it is null.
      At line:2 char:38
      + Set-AzureADUserLicense -ObjectId $user.ObjectId -AssignedLicenses …
      + ~~~~~~~~~~~~~~
      + CategoryInfo : InvalidData: (:) [Set-AzureADUserLicense], ParameterBindingValidationException
      + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.Open.AzureAD16.PowerShell.SetUserLicenses

       

      Thanks.

    • #227977
      Participant
      Topics: 3
      Replies: 340
      Points: 1,120
      Helping Hand
      Rank: Community Hero

      Hi Nelson,
      Type this and post the output please.

      $azbn = Get-AzureADGroupMember -ObjectId 45e79d49-f4ab-4398-a817-4fac1af21810
      $azbn | gm -force
      

      Also, show your $user assignment.

    • #227980
      Participant
      Topics: 8
      Replies: 21
      Points: 129
      Rank: Participant

      Here you go. Thank you!

      $azbn = Get-AzureADGroupMember -ObjectId 45e79d49-f4ab-4398-a817-4fac1af21810

      $azbn | gm -Force

      $user = Get-AzureADUser -SearchString email@emailaddress.com
      TypeName: Microsoft.Open.AzureAD.Model.User
      
      Name MemberType Definition
      ---- ---------- ----------
      pstypenames CodeProperty System.Collections.ObjectModel.Collection`1[[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, Public... 
      psadapted MemberSet psadapted {ExtensionProperty, DeletionTimestamp, ObjectId, ObjectType, AccountEnabled, AgeGroup, AssignedLicen... 
      psbase MemberSet psbase {ExtensionProperty, DeletionTimestamp, ObjectId, ObjectType, AccountEnabled, AgeGroup, AssignedLicenses... 
      psextended MemberSet psextended {}
      psobject MemberSet psobject {Members, Properties, Methods, ImmediateBaseObject, BaseObject, TypeNames, get_Members, get_Propertie... 
      Equals Method bool Equals(System.Object obj), bool Equals(Microsoft.Open.AzureAD.Model.User other), bool Equals(Microsoft.Op... 
      GetHashCode Method int GetHashCode()
      GetType Method type GetType()
      get_AccountEnabled Method System.Nullable[bool] get_AccountEnabled()
      get_AgeGroup Method string get_AgeGroup()
      get_AssignedLicenses Method System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.AssignedLicense] get_AssignedLicenses()
      get_AssignedPlans Method System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.AssignedPlan] get_AssignedPlans()
      get_City Method string get_City()
      get_CompanyName Method string get_CompanyName()
      get_ConsentProvidedForMinor Method string get_ConsentProvidedForMinor()
      get_Country Method string get_Country()
      get_CreationType Method string get_CreationType()
      get_DeletionTimestamp Method System.Nullable[datetime] get_DeletionTimestamp()
      get_Department Method string get_Department()
      get_DirSyncEnabled Method System.Nullable[bool] get_DirSyncEnabled()
      get_DisplayName Method string get_DisplayName()
      get_ExtensionProperty Method System.Collections.Generic.Dictionary[string,string] get_ExtensionProperty()
      get_FacsimileTelephoneNumber Method string get_FacsimileTelephoneNumber()
      get_GivenName Method string get_GivenName()
      get_ImmutableId Method string get_ImmutableId()
      get_IsCompromised Method System.Nullable[bool] get_IsCompromised()
      get_JobTitle Method string get_JobTitle()
      get_LastDirSyncTime Method System.Nullable[datetime] get_LastDirSyncTime()
      get_LegalAgeGroupClassification Method string get_LegalAgeGroupClassification()
      get_Mail Method string get_Mail()
      get_MailNickName Method string get_MailNickName()
      get_Mobile Method string get_Mobile()
      get_ObjectId Method string get_ObjectId()
      get_ObjectType Method string get_ObjectType()
      get_OnPremisesSecurityIdentifier Method string get_OnPremisesSecurityIdentifier()
      get_OtherMails Method System.Collections.Generic.List[string] get_OtherMails()
      get_PasswordPolicies Method string get_PasswordPolicies()
      get_PasswordProfile Method Microsoft.Open.AzureAD.Model.PasswordProfile get_PasswordProfile()
      get_PhysicalDeliveryOfficeName Method string get_PhysicalDeliveryOfficeName()
      get_PostalCode Method string get_PostalCode()
      get_PreferredLanguage Method string get_PreferredLanguage()
      get_ProvisionedPlans Method System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.ProvisionedPlan] get_ProvisionedPlans()
      get_ProvisioningErrors Method System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.ProvisioningError] get_ProvisioningErrors()
      get_ProxyAddresses Method System.Collections.Generic.List[string] get_ProxyAddresses()
      get_RefreshTokensValidFromDateTime Method System.Nullable[datetime] get_RefreshTokensValidFromDateTime()
      get_ShowInAddressList Method System.Nullable[bool] get_ShowInAddressList()
      get_SignInNames Method System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.SignInName] get_SignInNames()
      get_SipProxyAddress Method string get_SipProxyAddress()
      get_State Method string get_State()
      get_StreetAddress Method string get_StreetAddress()
      get_Surname Method string get_Surname()
      get_TelephoneNumber Method string get_TelephoneNumber()
      get_UsageLocation Method string get_UsageLocation()
      get_UserPrincipalName Method string get_UserPrincipalName()
      get_UserState Method string get_UserState()
      get_UserStateChangedOn Method string get_UserStateChangedOn()
      get_UserType Method string get_UserType()
      set_AccountEnabled Method void set_AccountEnabled(System.Nullable[bool] value)
      set_AgeGroup Method void set_AgeGroup(string value)
      set_City Method void set_City(string value)
      set_CompanyName Method void set_CompanyName(string value)
      set_ConsentProvidedForMinor Method void set_ConsentProvidedForMinor(string value)
      set_Country Method void set_Country(string value)
      set_CreationType Method void set_CreationType(string value)
      set_Department Method void set_Department(string value)
      set_DisplayName Method void set_DisplayName(string value)
      set_ExtensionProperty Method void set_ExtensionProperty(System.Collections.Generic.Dictionary[string,string] value)
      set_FacsimileTelephoneNumber Method void set_FacsimileTelephoneNumber(string value)
      set_GivenName Method void set_GivenName(string value)
      set_ImmutableId Method void set_ImmutableId(string value)
      set_IsCompromised Method void set_IsCompromised(System.Nullable[bool] value)
      set_JobTitle Method void set_JobTitle(string value)
      set_MailNickName Method void set_MailNickName(string value)
      set_Mobile Method void set_Mobile(string value)
      set_OtherMails Method void set_OtherMails(System.Collections.Generic.List[string] value)
      set_PasswordPolicies Method void set_PasswordPolicies(string value)
      set_PasswordProfile Method void set_PasswordProfile(Microsoft.Open.AzureAD.Model.PasswordProfile value)
      set_PhysicalDeliveryOfficeName Method void set_PhysicalDeliveryOfficeName(string value)
      set_PostalCode Method void set_PostalCode(string value)
      set_PreferredLanguage Method void set_PreferredLanguage(string value)
      set_ShowInAddressList Method void set_ShowInAddressList(System.Nullable[bool] value)
      set_SignInNames Method void set_SignInNames(System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.SignInName] value)
      set_State Method void set_State(string value)
      set_StreetAddress Method void set_StreetAddress(string value)
      set_Surname Method void set_Surname(string value)
      set_TelephoneNumber Method void set_TelephoneNumber(string value)
      set_UsageLocation Method void set_UsageLocation(string value)
      set_UserPrincipalName Method void set_UserPrincipalName(string value)
      set_UserState Method void set_UserState(string value)
      set_UserStateChangedOn Method void set_UserStateChangedOn(string value)
      set_UserType Method void set_UserType(string value)
      ShouldSerializeAssignedLicenses Method bool ShouldSerializeAssignedLicenses()
      ShouldSerializeAssignedPlans Method bool ShouldSerializeAssignedPlans()
      ShouldSerializeDeletionTimestamp Method bool ShouldSerializeDeletionTimestamp()
      ShouldSerializeDirSyncEnabled Method bool ShouldSerializeDirSyncEnabled()
      ShouldSerializeLastDirSyncTime Method bool ShouldSerializeLastDirSyncTime()
      ShouldSerializeLegalAgeGroupClassification Method bool ShouldSerializeLegalAgeGroupClassification()
      ShouldSerializeMail Method bool ShouldSerializeMail()
      ShouldSerializeObjectId Method bool ShouldSerializeObjectId()
      ShouldSerializeObjectType Method bool ShouldSerializeObjectType()
      ShouldSerializeOnPremisesSecurityIdentifier Method bool ShouldSerializeOnPremisesSecurityIdentifier()
      ShouldSerializeProvisionedPlans Method bool ShouldSerializeProvisionedPlans()
      ShouldSerializeProvisioningErrors Method bool ShouldSerializeProvisioningErrors()
      ShouldSerializeProxyAddresses Method bool ShouldSerializeProxyAddresses()
      ShouldSerializeRefreshTokensValidFromDateTime Method bool ShouldSerializeRefreshTokensValidFromDateTime()
      ShouldSerializeSipProxyAddress Method bool ShouldSerializeSipProxyAddress()
      ToJson Method string ToJson()
      ToString Method string ToString()
      Validate Method System.Collections.Generic.IEnumerable[System.ComponentModel.DataAnnotations.ValidationResult] Validate(System... 
      AccountEnabled Property System.Nullable[bool] AccountEnabled {get;set;}
      AgeGroup Property string AgeGroup {get;set;}
      AssignedLicenses Property System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.AssignedLicense] AssignedLicenses {get;}
      AssignedPlans Property System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.AssignedPlan] AssignedPlans {get;}
      City Property string City {get;set;}
      CompanyName Property string CompanyName {get;set;}
      ConsentProvidedForMinor Property string ConsentProvidedForMinor {get;set;}
      Country Property string Country {get;set;}
      CreationType Property string CreationType {get;set;}
      DeletionTimestamp Property System.Nullable[datetime] DeletionTimestamp {get;}
      Department Property string Department {get;set;}
      DirSyncEnabled Property System.Nullable[bool] DirSyncEnabled {get;}
      DisplayName Property string DisplayName {get;set;}
      ExtensionProperty Property System.Collections.Generic.Dictionary[string,string] ExtensionProperty {get;set;}
      FacsimileTelephoneNumber Property string FacsimileTelephoneNumber {get;set;}
      GivenName Property string GivenName {get;set;}
      ImmutableId Property string ImmutableId {get;set;}
      IsCompromised Property System.Nullable[bool] IsCompromised {get;set;}
      JobTitle Property string JobTitle {get;set;}
      LastDirSyncTime Property System.Nullable[datetime] LastDirSyncTime {get;}
      LegalAgeGroupClassification Property string LegalAgeGroupClassification {get;}
      Mail Property string Mail {get;}
      MailNickName Property string MailNickName {get;set;}
      Mobile Property string Mobile {get;set;}
      ObjectId Property string ObjectId {get;}
      ObjectType Property string ObjectType {get;}
      OnPremisesSecurityIdentifier Property string OnPremisesSecurityIdentifier {get;}
      OtherMails Property System.Collections.Generic.List[string] OtherMails {get;set;}
      PasswordPolicies Property string PasswordPolicies {get;set;}
      PasswordProfile Property Microsoft.Open.AzureAD.Model.PasswordProfile PasswordProfile {get;set;}
      PhysicalDeliveryOfficeName Property string PhysicalDeliveryOfficeName {get;set;}
      PostalCode Property string PostalCode {get;set;}
      PreferredLanguage Property string PreferredLanguage {get;set;}
      ProvisionedPlans Property System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.ProvisionedPlan] ProvisionedPlans {get;}
      ProvisioningErrors Property System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.ProvisioningError] ProvisioningErrors {get;}
      ProxyAddresses Property System.Collections.Generic.List[string] ProxyAddresses {get;}
      RefreshTokensValidFromDateTime Property System.Nullable[datetime] RefreshTokensValidFromDateTime {get;}
      ShowInAddressList Property System.Nullable[bool] ShowInAddressList {get;set;}
      SignInNames Property System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.SignInName] SignInNames {get;set;}
      SipProxyAddress Property string SipProxyAddress {get;}
      State Property string State {get;set;}
      StreetAddress Property string StreetAddress {get;set;}
      Surname Property string Surname {get;set;}
      TelephoneNumber Property string TelephoneNumber {get;set;}
      UsageLocation Property string UsageLocation {get;set;}
      UserPrincipalName Property string UserPrincipalName {get;set;}
      UserState Property string UserState {get;set;}
      UserStateChangedOn Property string UserStateChangedOn {get;set;}
      UserType Property string UserType {get;set;}
    • #227986
      Participant
      Topics: 3
      Replies: 340
      Points: 1,120
      Helping Hand
      Rank: Community Hero

      Maybe the force was a bit much, apologies. Thank you for sharing though. So if you run this, does it show an email address?

      $azbn = Get-AzureADGroupMember -ObjectId 45e79d49-f4ab-4398-a817-4fac1af21810
      $azbn | select-object -first 1 | foreach-object {
          $_.ObjectId
      }
      
    • #227989
      Participant
      Topics: 8
      Replies: 21
      Points: 129
      Rank: Participant

      No worries 🙂

      No, I get back an object id…

      $azbn | select-object -first 1 | foreach-object {
      >> $_.ObjectId
      >> }
      
      90ebe360-5f28-4d49-bf97-5cff0383bc33

      But since the Set-AzureADUserLicense command prompts for an ObjectID, that’s what it wants, no?

      Nelson

    • #228001
      Participant
      Topics: 3
      Replies: 340
      Points: 1,120
      Helping Hand
      Rank: Community Hero

      Based on the docs, you would think so

      -ObjectId
      Specifies the ID of a user (as a UPN or ObjectId) in Azure AD.
      

      But the examples show

      Set-AzureADUserLicense -ObjectId "Violeta.Collias@drumkit.onmicrosoft.com" -AssignedLicenses $licenses
      

      If you run this, does it show an email address?

      $user = Get-AzureADUser -SearchString email@emailaddress.com
      $user.objectid
      

      Maybe this will work?

      $azbn | foreach-object {
          Set-AzureADUserLicense -ObjectId $_.UserPrincipalName -AssignedLicenses $LicensestoAssign
      }
      
    • #228010
      Participant
      Topics: 8
      Replies: 21
      Points: 129
      Rank: Participant

      Yeah, that worked! I’m not really sure how that did it, but it did. Why did it accept the UPN as opposed to the Object Id?

      Thanks a bunch, one big piece of this down! Greatly appreciated.

      Nelson

    • #228013
      Participant
      Topics: 8
      Replies: 21
      Points: 129
      Rank: Participant

      Actually, I see it now in your example. That seems super backwards but ok I guess 🙂

      Thank you again!

    • #228019
      Participant
      Topics: 3
      Replies: 340
      Points: 1,120
      Helping Hand
      Rank: Community Hero

      Glad I could help 🙂

Viewing 10 reply threads
  • You must be logged in to reply to this topic.