Help with assigning licenses to AAD users within an AAD group

[nelsonsaenz94 Participant Topics: 8 Replies: 21 Points: 129Rank: Participant]

Hi everyone,

This will be part of a larger thing I scale out but for now, trying to get the following to work. I have an Azure AD group…….

$azbn = Get-AzureADGroupMember -ObjectId 45e79d49-f4ab-4398-a817-4fac1af21810

I want to assign licenses to each of the members in this group. I have done the following and this works when I do it with an individual Azure AD user. Specifically the EMS license.

$E3License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense

$EMSLicense = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense

$E3License.SkuId = “6fd2c87f-b296-42f0-b197-1e91e994b900”

$EMSLicense.SkuId = “efccb6f7-5641-4e0e-bd10-b4976e1bf68e”

$LicensestoAssign = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses

$LicensestoAssign.AddLicenses = $EMSLicense

#Assign License to user

Set-AzureADUserLicense -ObjectId $User.ObjectId -AssignedLicenses $LicensestoAssign

When I try to do this for the group members, I get this…..

PS C:\Users\nelso\OneDrive\Powershell> $azbn | ForEach-Object {Set-AzureADUserLicense -ObjectId $azbn.ObjectId -AssignedLicenses $LicensestoAssign}

Set-AzureADUserLicense : Cannot bind argument to parameter ‘ObjectId’ because it is null.
At line:1 char:58
+ … rEach-Object {Set-AzureADUserLicense -ObjectId $azbn.ObjectId -Assig …
+ ~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Set-AzureADUserLicense], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.Open.AzureAD16.PowerShell.SetUserLicenses

Anyone who can assist with a way to make this work, I’d greatly appreciate it.

Thanks in advance.

Nelson

[Doug Maurer Participant Topics: 3 Replies: 340 Points: 1,120Rank: Community Hero]

Well first, I don’t see where you populated your $user variable. Second, when you use foreach-object,the automatic variable is $_, $azbn is assumed to be a collection of users. Seems you just need to adjust your foreach loop.

$azbn = Get-AzureADGroupMember -ObjectId 45e79d49-f4ab-4398-a817-4fac1af21810

$E3License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
$EMSLicense = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
$E3License.SkuId = “6fd2c87f-b296-42f0-b197-1e91e994b900”
$EMSLicense.SkuId = “efccb6f7-5641-4e0e-bd10-b4976e1bf68e”
$LicensestoAssign = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
$LicensestoAssign.AddLicenses = $EMSLicense

#Assign License to user
foreach($user in $azbn){
    Set-AzureADUserLicense -ObjectId $user.ObjectId -AssignedLicenses $LicensestoAssign
}

Or

$azbn = Get-AzureADGroupMember -ObjectId 45e79d49-f4ab-4398-a817-4fac1af21810

$E3License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
$EMSLicense = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
$E3License.SkuId = “6fd2c87f-b296-42f0-b197-1e91e994b900”
$EMSLicense.SkuId = “efccb6f7-5641-4e0e-bd10-b4976e1bf68e”
$LicensestoAssign = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
$LicensestoAssign.AddLicenses = $EMSLicense

#Assign License to user
$azbn | foreach-object {
    Set-AzureADUserLicense -ObjectId $_.ObjectId -AssignedLicenses $LicensestoAssign
}

[nelsonsaenz94 Participant Topics: 8 Replies: 21 Points: 129Rank: Participant]

Thanks for the reply. Yeah, I left out the user variable since I know that worked.

Just tried both of your changes and I get the same error about -ObjectId being null. I had tried the first way before but same. Frustrating thing is it’s not null based on doing this….

PS C:\Users\nelso\OneDrive\Powershell> Get-AzureADGroupMember -ObjectId 45e79d49-f4ab-4398-a817-4fac1af21810 | Select ObjectId

ObjectId
——–
90ebe360-5f28-4d49-bf97-5cff0383bc33
c767a7d6-d989-461d-91f7-23d8102bc30d
1ba3132f-1263-4adc-a1b0-5c40a9af84bb
f0f3bd33-35da-458c-8346-28e789c7696a
ccc44d6b-6bd4-42cf-947f-e04f0d0cffed
b35d45ba-e330-40d3-aca3-c1fb7744062e
b723ebf0-3f03-4f7e-99a9-dfa717336d1e
fd3405c8-4349-476a-a4e6-4973301f2ed5
d5e1ed38-3fa5-49c4-abaa-dfcb59b20776
d44d6dc5-2ede-41a0-95ed-6c23ca75fee3
327d1cd8-ae0d-411c-86ac-5fb04259d85f
c33ecbf6-5c18-49f2-85b4-236aad4a79b2
c4a383ab-3a26-4a80-8d64-9746f19574d8
6ff0d189-bedd-4b5d-871a-e83c3246b9a7
1bf9ac5a-337d-4400-9323-f686ea6b0491
7cfc14b2-5b0b-4435-a72e-30904335740b
9824721c-4b2e-4ac5-acdd-aaead2fe7d27
b5eeac7b-0214-4458-90e6-bd89b894ebad
703c7699-9ad2-4d34-a765-3f2b0888edda

 

Anyhow, here’s the error.

PS C:\Users\nelso\OneDrive\Powershell> foreach($user in $azbn){
>> Set-AzureADUserLicense -ObjectId $user.ObjectId -AssignedLicenses $LicensestoAssign
>> }

Set-AzureADUserLicense : Cannot bind argument to parameter ‘ObjectId’ because it is null.
At line:2 char:38
+ Set-AzureADUserLicense -ObjectId $user.ObjectId -AssignedLicenses …
+ ~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Set-AzureADUserLicense], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.Open.AzureAD16.PowerShell.SetUserLicenses

 

Thanks.

[Doug Maurer Participant Topics: 3 Replies: 340 Points: 1,120Rank: Community Hero]

Hi Nelson,
Type this and post the output please.

$azbn = Get-AzureADGroupMember -ObjectId 45e79d49-f4ab-4398-a817-4fac1af21810
$azbn | gm -force

Also, show your $user assignment.

[nelsonsaenz94 Participant Topics: 8 Replies: 21 Points: 129Rank: Participant]

Here you go. Thank you!

$azbn = Get-AzureADGroupMember -ObjectId 45e79d49-f4ab-4398-a817-4fac1af21810

$azbn | gm -Force

$user = Get-AzureADUser -SearchString email@emailaddress.com

TypeName: Microsoft.Open.AzureAD.Model.User

Name MemberType Definition
---- ---------- ----------
pstypenames CodeProperty System.Collections.ObjectModel.Collection`1[[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, Public... 
psadapted MemberSet psadapted {ExtensionProperty, DeletionTimestamp, ObjectId, ObjectType, AccountEnabled, AgeGroup, AssignedLicen... 
psbase MemberSet psbase {ExtensionProperty, DeletionTimestamp, ObjectId, ObjectType, AccountEnabled, AgeGroup, AssignedLicenses... 
psextended MemberSet psextended {}
psobject MemberSet psobject {Members, Properties, Methods, ImmediateBaseObject, BaseObject, TypeNames, get_Members, get_Propertie... 
Equals Method bool Equals(System.Object obj), bool Equals(Microsoft.Open.AzureAD.Model.User other), bool Equals(Microsoft.Op... 
GetHashCode Method int GetHashCode()
GetType Method type GetType()
get_AccountEnabled Method System.Nullable[bool] get_AccountEnabled()
get_AgeGroup Method string get_AgeGroup()
get_AssignedLicenses Method System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.AssignedLicense] get_AssignedLicenses()
get_AssignedPlans Method System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.AssignedPlan] get_AssignedPlans()
get_City Method string get_City()
get_CompanyName Method string get_CompanyName()
get_ConsentProvidedForMinor Method string get_ConsentProvidedForMinor()
get_Country Method string get_Country()
get_CreationType Method string get_CreationType()
get_DeletionTimestamp Method System.Nullable[datetime] get_DeletionTimestamp()
get_Department Method string get_Department()
get_DirSyncEnabled Method System.Nullable[bool] get_DirSyncEnabled()
get_DisplayName Method string get_DisplayName()
get_ExtensionProperty Method System.Collections.Generic.Dictionary[string,string] get_ExtensionProperty()
get_FacsimileTelephoneNumber Method string get_FacsimileTelephoneNumber()
get_GivenName Method string get_GivenName()
get_ImmutableId Method string get_ImmutableId()
get_IsCompromised Method System.Nullable[bool] get_IsCompromised()
get_JobTitle Method string get_JobTitle()
get_LastDirSyncTime Method System.Nullable[datetime] get_LastDirSyncTime()
get_LegalAgeGroupClassification Method string get_LegalAgeGroupClassification()
get_Mail Method string get_Mail()
get_MailNickName Method string get_MailNickName()
get_Mobile Method string get_Mobile()
get_ObjectId Method string get_ObjectId()
get_ObjectType Method string get_ObjectType()
get_OnPremisesSecurityIdentifier Method string get_OnPremisesSecurityIdentifier()
get_OtherMails Method System.Collections.Generic.List[string] get_OtherMails()
get_PasswordPolicies Method string get_PasswordPolicies()
get_PasswordProfile Method Microsoft.Open.AzureAD.Model.PasswordProfile get_PasswordProfile()
get_PhysicalDeliveryOfficeName Method string get_PhysicalDeliveryOfficeName()
get_PostalCode Method string get_PostalCode()
get_PreferredLanguage Method string get_PreferredLanguage()
get_ProvisionedPlans Method System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.ProvisionedPlan] get_ProvisionedPlans()
get_ProvisioningErrors Method System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.ProvisioningError] get_ProvisioningErrors()
get_ProxyAddresses Method System.Collections.Generic.List[string] get_ProxyAddresses()
get_RefreshTokensValidFromDateTime Method System.Nullable[datetime] get_RefreshTokensValidFromDateTime()
get_ShowInAddressList Method System.Nullable[bool] get_ShowInAddressList()
get_SignInNames Method System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.SignInName] get_SignInNames()
get_SipProxyAddress Method string get_SipProxyAddress()
get_State Method string get_State()
get_StreetAddress Method string get_StreetAddress()
get_Surname Method string get_Surname()
get_TelephoneNumber Method string get_TelephoneNumber()
get_UsageLocation Method string get_UsageLocation()
get_UserPrincipalName Method string get_UserPrincipalName()
get_UserState Method string get_UserState()
get_UserStateChangedOn Method string get_UserStateChangedOn()
get_UserType Method string get_UserType()
set_AccountEnabled Method void set_AccountEnabled(System.Nullable[bool] value)
set_AgeGroup Method void set_AgeGroup(string value)
set_City Method void set_City(string value)
set_CompanyName Method void set_CompanyName(string value)
set_ConsentProvidedForMinor Method void set_ConsentProvidedForMinor(string value)
set_Country Method void set_Country(string value)
set_CreationType Method void set_CreationType(string value)
set_Department Method void set_Department(string value)
set_DisplayName Method void set_DisplayName(string value)
set_ExtensionProperty Method void set_ExtensionProperty(System.Collections.Generic.Dictionary[string,string] value)
set_FacsimileTelephoneNumber Method void set_FacsimileTelephoneNumber(string value)
set_GivenName Method void set_GivenName(string value)
set_ImmutableId Method void set_ImmutableId(string value)
set_IsCompromised Method void set_IsCompromised(System.Nullable[bool] value)
set_JobTitle Method void set_JobTitle(string value)
set_MailNickName Method void set_MailNickName(string value)
set_Mobile Method void set_Mobile(string value)
set_OtherMails Method void set_OtherMails(System.Collections.Generic.List[string] value)
set_PasswordPolicies Method void set_PasswordPolicies(string value)
set_PasswordProfile Method void set_PasswordProfile(Microsoft.Open.AzureAD.Model.PasswordProfile value)
set_PhysicalDeliveryOfficeName Method void set_PhysicalDeliveryOfficeName(string value)
set_PostalCode Method void set_PostalCode(string value)
set_PreferredLanguage Method void set_PreferredLanguage(string value)
set_ShowInAddressList Method void set_ShowInAddressList(System.Nullable[bool] value)
set_SignInNames Method void set_SignInNames(System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.SignInName] value)
set_State Method void set_State(string value)
set_StreetAddress Method void set_StreetAddress(string value)
set_Surname Method void set_Surname(string value)
set_TelephoneNumber Method void set_TelephoneNumber(string value)
set_UsageLocation Method void set_UsageLocation(string value)
set_UserPrincipalName Method void set_UserPrincipalName(string value)
set_UserState Method void set_UserState(string value)
set_UserStateChangedOn Method void set_UserStateChangedOn(string value)
set_UserType Method void set_UserType(string value)
ShouldSerializeAssignedLicenses Method bool ShouldSerializeAssignedLicenses()
ShouldSerializeAssignedPlans Method bool ShouldSerializeAssignedPlans()
ShouldSerializeDeletionTimestamp Method bool ShouldSerializeDeletionTimestamp()
ShouldSerializeDirSyncEnabled Method bool ShouldSerializeDirSyncEnabled()
ShouldSerializeLastDirSyncTime Method bool ShouldSerializeLastDirSyncTime()
ShouldSerializeLegalAgeGroupClassification Method bool ShouldSerializeLegalAgeGroupClassification()
ShouldSerializeMail Method bool ShouldSerializeMail()
ShouldSerializeObjectId Method bool ShouldSerializeObjectId()
ShouldSerializeObjectType Method bool ShouldSerializeObjectType()
ShouldSerializeOnPremisesSecurityIdentifier Method bool ShouldSerializeOnPremisesSecurityIdentifier()
ShouldSerializeProvisionedPlans Method bool ShouldSerializeProvisionedPlans()
ShouldSerializeProvisioningErrors Method bool ShouldSerializeProvisioningErrors()
ShouldSerializeProxyAddresses Method bool ShouldSerializeProxyAddresses()
ShouldSerializeRefreshTokensValidFromDateTime Method bool ShouldSerializeRefreshTokensValidFromDateTime()
ShouldSerializeSipProxyAddress Method bool ShouldSerializeSipProxyAddress()
ToJson Method string ToJson()
ToString Method string ToString()
Validate Method System.Collections.Generic.IEnumerable[System.ComponentModel.DataAnnotations.ValidationResult] Validate(System... 
AccountEnabled Property System.Nullable[bool] AccountEnabled {get;set;}
AgeGroup Property string AgeGroup {get;set;}
AssignedLicenses Property System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.AssignedLicense] AssignedLicenses {get;}
AssignedPlans Property System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.AssignedPlan] AssignedPlans {get;}
City Property string City {get;set;}
CompanyName Property string CompanyName {get;set;}
ConsentProvidedForMinor Property string ConsentProvidedForMinor {get;set;}
Country Property string Country {get;set;}
CreationType Property string CreationType {get;set;}
DeletionTimestamp Property System.Nullable[datetime] DeletionTimestamp {get;}
Department Property string Department {get;set;}
DirSyncEnabled Property System.Nullable[bool] DirSyncEnabled {get;}
DisplayName Property string DisplayName {get;set;}
ExtensionProperty Property System.Collections.Generic.Dictionary[string,string] ExtensionProperty {get;set;}
FacsimileTelephoneNumber Property string FacsimileTelephoneNumber {get;set;}
GivenName Property string GivenName {get;set;}
ImmutableId Property string ImmutableId {get;set;}
IsCompromised Property System.Nullable[bool] IsCompromised {get;set;}
JobTitle Property string JobTitle {get;set;}
LastDirSyncTime Property System.Nullable[datetime] LastDirSyncTime {get;}
LegalAgeGroupClassification Property string LegalAgeGroupClassification {get;}
Mail Property string Mail {get;}
MailNickName Property string MailNickName {get;set;}
Mobile Property string Mobile {get;set;}
ObjectId Property string ObjectId {get;}
ObjectType Property string ObjectType {get;}
OnPremisesSecurityIdentifier Property string OnPremisesSecurityIdentifier {get;}
OtherMails Property System.Collections.Generic.List[string] OtherMails {get;set;}
PasswordPolicies Property string PasswordPolicies {get;set;}
PasswordProfile Property Microsoft.Open.AzureAD.Model.PasswordProfile PasswordProfile {get;set;}
PhysicalDeliveryOfficeName Property string PhysicalDeliveryOfficeName {get;set;}
PostalCode Property string PostalCode {get;set;}
PreferredLanguage Property string PreferredLanguage {get;set;}
ProvisionedPlans Property System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.ProvisionedPlan] ProvisionedPlans {get;}
ProvisioningErrors Property System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.ProvisioningError] ProvisioningErrors {get;}
ProxyAddresses Property System.Collections.Generic.List[string] ProxyAddresses {get;}
RefreshTokensValidFromDateTime Property System.Nullable[datetime] RefreshTokensValidFromDateTime {get;}
ShowInAddressList Property System.Nullable[bool] ShowInAddressList {get;set;}
SignInNames Property System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.SignInName] SignInNames {get;set;}
SipProxyAddress Property string SipProxyAddress {get;}
State Property string State {get;set;}
StreetAddress Property string StreetAddress {get;set;}
Surname Property string Surname {get;set;}
TelephoneNumber Property string TelephoneNumber {get;set;}
UsageLocation Property string UsageLocation {get;set;}
UserPrincipalName Property string UserPrincipalName {get;set;}
UserState Property string UserState {get;set;}
UserStateChangedOn Property string UserStateChangedOn {get;set;}
UserType Property string UserType {get;set;}

[Doug Maurer Participant Topics: 3 Replies: 340 Points: 1,120Rank: Community Hero]

Maybe the force was a bit much, apologies. Thank you for sharing though. So if you run this, does it show an email address?

$azbn = Get-AzureADGroupMember -ObjectId 45e79d49-f4ab-4398-a817-4fac1af21810
$azbn | select-object -first 1 | foreach-object {
    $_.ObjectId
}

[nelsonsaenz94 Participant Topics: 8 Replies: 21 Points: 129Rank: Participant]

No worries 🙂

No, I get back an object id…

$azbn | select-object -first 1 | foreach-object {
>> $_.ObjectId
>> }

90ebe360-5f28-4d49-bf97-5cff0383bc33

But since the Set-AzureADUserLicense command prompts for an ObjectID, that’s what it wants, no?

Nelson

[Doug Maurer Participant Topics: 3 Replies: 340 Points: 1,120Rank: Community Hero]

Based on the docs, you would think so

-ObjectId
Specifies the ID of a user (as a UPN or ObjectId) in Azure AD.

But the examples show

Set-AzureADUserLicense -ObjectId "Violeta.Collias@drumkit.onmicrosoft.com" -AssignedLicenses $licenses

If you run this, does it show an email address?

$user = Get-AzureADUser -SearchString email@emailaddress.com
$user.objectid

Maybe this will work?

$azbn | foreach-object {
    Set-AzureADUserLicense -ObjectId $_.UserPrincipalName -AssignedLicenses $LicensestoAssign
}

[nelsonsaenz94 Participant Topics: 8 Replies: 21 Points: 129Rank: Participant]

Yeah, that worked! I’m not really sure how that did it, but it did. Why did it accept the UPN as opposed to the Object Id?

Thanks a bunch, one big piece of this down! Greatly appreciated.

Nelson

[nelsonsaenz94 Participant Topics: 8 Replies: 21 Points: 129Rank: Participant]

Actually, I see it now in your example. That seems super backwards but ok I guess 🙂

Thank you again!

[Doug Maurer Participant Topics: 3 Replies: 340 Points: 1,120Rank: Community Hero]

Glad I could help 🙂

[Author]

Posts