Welcome › Forums › General PowerShell Q&A › Help with assigning licenses to AAD users within an AAD group
- This topic has 10 replies, 2 voices, and was last updated 8 months, 1 week ago by
Participant.
-
AuthorPosts
-
-
May 13, 2020 at 10:44 pm #227968
Hi everyone,
This will be part of a larger thing I scale out but for now, trying to get the following to work. I have an Azure AD group…….
$azbn = Get-AzureADGroupMember -ObjectId 45e79d49-f4ab-4398-a817-4fac1af21810I want to assign licenses to each of the members in this group. I have done the following and this works when I do it with an individual Azure AD user. Specifically the EMS license.$E3License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense$EMSLicense = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense$E3License.SkuId = “6fd2c87f-b296-42f0-b197-1e91e994b900”$EMSLicense.SkuId = “efccb6f7-5641-4e0e-bd10-b4976e1bf68e”$LicensestoAssign = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses$LicensestoAssign.AddLicenses = $EMSLicense#Assign License to userSet-AzureADUserLicense -ObjectId $User.ObjectId -AssignedLicenses $LicensestoAssignWhen I try to do this for the group members, I get this…..
PS C:\Users\nelso\OneDrive\Powershell> $azbn | ForEach-Object {Set-AzureADUserLicense -ObjectId $azbn.ObjectId -AssignedLicenses $LicensestoAssign}
Set-AzureADUserLicense : Cannot bind argument to parameter ‘ObjectId’ because it is null.
At line:1 char:58
+ … rEach-Object {Set-AzureADUserLicense -ObjectId $azbn.ObjectId -Assig …
+ ~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Set-AzureADUserLicense], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.Open.AzureAD16.PowerShell.SetUserLicensesAnyone who can assist with a way to make this work, I’d greatly appreciate it.
Thanks in advance.
Nelson
-
May 13, 2020 at 10:51 pm #227971
Well first, I don’t see where you populated your $user variable. Second, when you use foreach-object,the automatic variable is $_, $azbn is assumed to be a collection of users. Seems you just need to adjust your foreach loop.
PowerShell12345678910111213$azbn = Get-AzureADGroupMember -ObjectId 45e79d49-f4ab-4398-a817-4fac1af21810$E3License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense$EMSLicense = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense$E3License.SkuId = “6fd2c87f-b296-42f0-b197-1e91e994b900”$EMSLicense.SkuId = “efccb6f7-5641-4e0e-bd10-b4976e1bf68e”$LicensestoAssign = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses$LicensestoAssign.AddLicenses = $EMSLicense#Assign License to userforeach($user in $azbn){Set-AzureADUserLicense -ObjectId $user.ObjectId -AssignedLicenses $LicensestoAssign}Or
PowerShell12345678910111213$azbn = Get-AzureADGroupMember -ObjectId 45e79d49-f4ab-4398-a817-4fac1af21810$E3License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense$EMSLicense = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense$E3License.SkuId = “6fd2c87f-b296-42f0-b197-1e91e994b900”$EMSLicense.SkuId = “efccb6f7-5641-4e0e-bd10-b4976e1bf68e”$LicensestoAssign = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses$LicensestoAssign.AddLicenses = $EMSLicense#Assign License to user$azbn | foreach-object {Set-AzureADUserLicense -ObjectId $_.ObjectId -AssignedLicenses $LicensestoAssign} -
May 13, 2020 at 11:02 pm #227974
Thanks for the reply. Yeah, I left out the user variable since I know that worked.
Just tried both of your changes and I get the same error about -ObjectId being null. I had tried the first way before but same. Frustrating thing is it’s not null based on doing this….
PS C:\Users\nelso\OneDrive\Powershell> Get-AzureADGroupMember -ObjectId 45e79d49-f4ab-4398-a817-4fac1af21810 | Select ObjectId
ObjectId
——–
90ebe360-5f28-4d49-bf97-5cff0383bc33
c767a7d6-d989-461d-91f7-23d8102bc30d
1ba3132f-1263-4adc-a1b0-5c40a9af84bb
f0f3bd33-35da-458c-8346-28e789c7696a
ccc44d6b-6bd4-42cf-947f-e04f0d0cffed
b35d45ba-e330-40d3-aca3-c1fb7744062e
b723ebf0-3f03-4f7e-99a9-dfa717336d1e
fd3405c8-4349-476a-a4e6-4973301f2ed5
d5e1ed38-3fa5-49c4-abaa-dfcb59b20776
d44d6dc5-2ede-41a0-95ed-6c23ca75fee3
327d1cd8-ae0d-411c-86ac-5fb04259d85f
c33ecbf6-5c18-49f2-85b4-236aad4a79b2
c4a383ab-3a26-4a80-8d64-9746f19574d8
6ff0d189-bedd-4b5d-871a-e83c3246b9a7
1bf9ac5a-337d-4400-9323-f686ea6b0491
7cfc14b2-5b0b-4435-a72e-30904335740b
9824721c-4b2e-4ac5-acdd-aaead2fe7d27
b5eeac7b-0214-4458-90e6-bd89b894ebad
703c7699-9ad2-4d34-a765-3f2b0888eddaAnyhow, here’s the error.
PS C:\Users\nelso\OneDrive\Powershell> foreach($user in $azbn){
>> Set-AzureADUserLicense -ObjectId $user.ObjectId -AssignedLicenses $LicensestoAssign
>> }Set-AzureADUserLicense : Cannot bind argument to parameter ‘ObjectId’ because it is null.
At line:2 char:38
+ Set-AzureADUserLicense -ObjectId $user.ObjectId -AssignedLicenses …
+ ~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Set-AzureADUserLicense], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.Open.AzureAD16.PowerShell.SetUserLicensesThanks.
-
May 13, 2020 at 11:21 pm #227977
Hi Nelson,
Type this and post the output please.PowerShell12$azbn = Get-AzureADGroupMember -ObjectId 45e79d49-f4ab-4398-a817-4fac1af21810$azbn | gm -forceAlso, show your $user assignment.
-
May 13, 2020 at 11:34 pm #227980
Here you go. Thank you!
$azbn = Get-AzureADGroupMember -ObjectId 45e79d49-f4ab-4398-a817-4fac1af21810
$azbn | gm -Force
$user = Get-AzureADUser -SearchString [email protected]PowerShell123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162TypeName: Microsoft.Open.AzureAD.Model.UserName MemberType Definition---- ---------- ----------pstypenames CodeProperty System.Collections.ObjectModel.Collection`1[[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, Public...psadapted MemberSet psadapted {ExtensionProperty, DeletionTimestamp, ObjectId, ObjectType, AccountEnabled, AgeGroup, AssignedLicen...psbase MemberSet psbase {ExtensionProperty, DeletionTimestamp, ObjectId, ObjectType, AccountEnabled, AgeGroup, AssignedLicenses...psextended MemberSet psextended {}psobject MemberSet psobject {Members, Properties, Methods, ImmediateBaseObject, BaseObject, TypeNames, get_Members, get_Propertie...Equals Method bool Equals(System.Object obj), bool Equals(Microsoft.Open.AzureAD.Model.User other), bool Equals(Microsoft.Op...GetHashCode Method int GetHashCode()GetType Method type GetType()get_AccountEnabled Method System.Nullable[bool] get_AccountEnabled()get_AgeGroup Method string get_AgeGroup()get_AssignedLicenses Method System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.AssignedLicense] get_AssignedLicenses()get_AssignedPlans Method System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.AssignedPlan] get_AssignedPlans()get_City Method string get_City()get_CompanyName Method string get_CompanyName()get_ConsentProvidedForMinor Method string get_ConsentProvidedForMinor()get_Country Method string get_Country()get_CreationType Method string get_CreationType()get_DeletionTimestamp Method System.Nullable[datetime] get_DeletionTimestamp()get_Department Method string get_Department()get_DirSyncEnabled Method System.Nullable[bool] get_DirSyncEnabled()get_DisplayName Method string get_DisplayName()get_ExtensionProperty Method System.Collections.Generic.Dictionary[string,string] get_ExtensionProperty()get_FacsimileTelephoneNumber Method string get_FacsimileTelephoneNumber()get_GivenName Method string get_GivenName()get_ImmutableId Method string get_ImmutableId()get_IsCompromised Method System.Nullable[bool] get_IsCompromised()get_JobTitle Method string get_JobTitle()get_LastDirSyncTime Method System.Nullable[datetime] get_LastDirSyncTime()get_LegalAgeGroupClassification Method string get_LegalAgeGroupClassification()get_Mail Method string get_Mail()get_MailNickName Method string get_MailNickName()get_Mobile Method string get_Mobile()get_ObjectId Method string get_ObjectId()get_ObjectType Method string get_ObjectType()get_OnPremisesSecurityIdentifier Method string get_OnPremisesSecurityIdentifier()get_OtherMails Method System.Collections.Generic.List[string] get_OtherMails()get_PasswordPolicies Method string get_PasswordPolicies()get_PasswordProfile Method Microsoft.Open.AzureAD.Model.PasswordProfile get_PasswordProfile()get_PhysicalDeliveryOfficeName Method string get_PhysicalDeliveryOfficeName()get_PostalCode Method string get_PostalCode()get_PreferredLanguage Method string get_PreferredLanguage()get_ProvisionedPlans Method System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.ProvisionedPlan] get_ProvisionedPlans()get_ProvisioningErrors Method System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.ProvisioningError] get_ProvisioningErrors()get_ProxyAddresses Method System.Collections.Generic.List[string] get_ProxyAddresses()get_RefreshTokensValidFromDateTime Method System.Nullable[datetime] get_RefreshTokensValidFromDateTime()get_ShowInAddressList Method System.Nullable[bool] get_ShowInAddressList()get_SignInNames Method System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.SignInName] get_SignInNames()get_SipProxyAddress Method string get_SipProxyAddress()get_State Method string get_State()get_StreetAddress Method string get_StreetAddress()get_Surname Method string get_Surname()get_TelephoneNumber Method string get_TelephoneNumber()get_UsageLocation Method string get_UsageLocation()get_UserPrincipalName Method string get_UserPrincipalName()get_UserState Method string get_UserState()get_UserStateChangedOn Method string get_UserStateChangedOn()get_UserType Method string get_UserType()set_AccountEnabled Method void set_AccountEnabled(System.Nullable[bool] value)set_AgeGroup Method void set_AgeGroup(string value)set_City Method void set_City(string value)set_CompanyName Method void set_CompanyName(string value)set_ConsentProvidedForMinor Method void set_ConsentProvidedForMinor(string value)set_Country Method void set_Country(string value)set_CreationType Method void set_CreationType(string value)set_Department Method void set_Department(string value)set_DisplayName Method void set_DisplayName(string value)set_ExtensionProperty Method void set_ExtensionProperty(System.Collections.Generic.Dictionary[string,string] value)set_FacsimileTelephoneNumber Method void set_FacsimileTelephoneNumber(string value)set_GivenName Method void set_GivenName(string value)set_ImmutableId Method void set_ImmutableId(string value)set_IsCompromised Method void set_IsCompromised(System.Nullable[bool] value)set_JobTitle Method void set_JobTitle(string value)set_MailNickName Method void set_MailNickName(string value)set_Mobile Method void set_Mobile(string value)set_OtherMails Method void set_OtherMails(System.Collections.Generic.List[string] value)set_PasswordPolicies Method void set_PasswordPolicies(string value)set_PasswordProfile Method void set_PasswordProfile(Microsoft.Open.AzureAD.Model.PasswordProfile value)set_PhysicalDeliveryOfficeName Method void set_PhysicalDeliveryOfficeName(string value)set_PostalCode Method void set_PostalCode(string value)set_PreferredLanguage Method void set_PreferredLanguage(string value)set_ShowInAddressList Method void set_ShowInAddressList(System.Nullable[bool] value)set_SignInNames Method void set_SignInNames(System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.SignInName] value)set_State Method void set_State(string value)set_StreetAddress Method void set_StreetAddress(string value)set_Surname Method void set_Surname(string value)set_TelephoneNumber Method void set_TelephoneNumber(string value)set_UsageLocation Method void set_UsageLocation(string value)set_UserPrincipalName Method void set_UserPrincipalName(string value)set_UserState Method void set_UserState(string value)set_UserStateChangedOn Method void set_UserStateChangedOn(string value)set_UserType Method void set_UserType(string value)ShouldSerializeAssignedLicenses Method bool ShouldSerializeAssignedLicenses()ShouldSerializeAssignedPlans Method bool ShouldSerializeAssignedPlans()ShouldSerializeDeletionTimestamp Method bool ShouldSerializeDeletionTimestamp()ShouldSerializeDirSyncEnabled Method bool ShouldSerializeDirSyncEnabled()ShouldSerializeLastDirSyncTime Method bool ShouldSerializeLastDirSyncTime()ShouldSerializeLegalAgeGroupClassification Method bool ShouldSerializeLegalAgeGroupClassification()ShouldSerializeMail Method bool ShouldSerializeMail()ShouldSerializeObjectId Method bool ShouldSerializeObjectId()ShouldSerializeObjectType Method bool ShouldSerializeObjectType()ShouldSerializeOnPremisesSecurityIdentifier Method bool ShouldSerializeOnPremisesSecurityIdentifier()ShouldSerializeProvisionedPlans Method bool ShouldSerializeProvisionedPlans()ShouldSerializeProvisioningErrors Method bool ShouldSerializeProvisioningErrors()ShouldSerializeProxyAddresses Method bool ShouldSerializeProxyAddresses()ShouldSerializeRefreshTokensValidFromDateTime Method bool ShouldSerializeRefreshTokensValidFromDateTime()ShouldSerializeSipProxyAddress Method bool ShouldSerializeSipProxyAddress()ToJson Method string ToJson()ToString Method string ToString()Validate Method System.Collections.Generic.IEnumerable[System.ComponentModel.DataAnnotations.ValidationResult] Validate(System...AccountEnabled Property System.Nullable[bool] AccountEnabled {get;set;}AgeGroup Property string AgeGroup {get;set;}AssignedLicenses Property System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.AssignedLicense] AssignedLicenses {get;}AssignedPlans Property System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.AssignedPlan] AssignedPlans {get;}City Property string City {get;set;}CompanyName Property string CompanyName {get;set;}ConsentProvidedForMinor Property string ConsentProvidedForMinor {get;set;}Country Property string Country {get;set;}CreationType Property string CreationType {get;set;}DeletionTimestamp Property System.Nullable[datetime] DeletionTimestamp {get;}Department Property string Department {get;set;}DirSyncEnabled Property System.Nullable[bool] DirSyncEnabled {get;}DisplayName Property string DisplayName {get;set;}ExtensionProperty Property System.Collections.Generic.Dictionary[string,string] ExtensionProperty {get;set;}FacsimileTelephoneNumber Property string FacsimileTelephoneNumber {get;set;}GivenName Property string GivenName {get;set;}ImmutableId Property string ImmutableId {get;set;}IsCompromised Property System.Nullable[bool] IsCompromised {get;set;}JobTitle Property string JobTitle {get;set;}LastDirSyncTime Property System.Nullable[datetime] LastDirSyncTime {get;}LegalAgeGroupClassification Property string LegalAgeGroupClassification {get;}Mail Property string Mail {get;}MailNickName Property string MailNickName {get;set;}Mobile Property string Mobile {get;set;}ObjectId Property string ObjectId {get;}ObjectType Property string ObjectType {get;}OnPremisesSecurityIdentifier Property string OnPremisesSecurityIdentifier {get;}OtherMails Property System.Collections.Generic.List[string] OtherMails {get;set;}PasswordPolicies Property string PasswordPolicies {get;set;}PasswordProfile Property Microsoft.Open.AzureAD.Model.PasswordProfile PasswordProfile {get;set;}PhysicalDeliveryOfficeName Property string PhysicalDeliveryOfficeName {get;set;}PostalCode Property string PostalCode {get;set;}PreferredLanguage Property string PreferredLanguage {get;set;}ProvisionedPlans Property System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.ProvisionedPlan] ProvisionedPlans {get;}ProvisioningErrors Property System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.ProvisioningError] ProvisioningErrors {get;}ProxyAddresses Property System.Collections.Generic.List[string] ProxyAddresses {get;}RefreshTokensValidFromDateTime Property System.Nullable[datetime] RefreshTokensValidFromDateTime {get;}ShowInAddressList Property System.Nullable[bool] ShowInAddressList {get;set;}SignInNames Property System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.SignInName] SignInNames {get;set;}SipProxyAddress Property string SipProxyAddress {get;}State Property string State {get;set;}StreetAddress Property string StreetAddress {get;set;}Surname Property string Surname {get;set;}TelephoneNumber Property string TelephoneNumber {get;set;}UsageLocation Property string UsageLocation {get;set;}UserPrincipalName Property string UserPrincipalName {get;set;}UserState Property string UserState {get;set;}UserStateChangedOn Property string UserStateChangedOn {get;set;}UserType Property string UserType {get;set;} -
May 13, 2020 at 11:51 pm #227986
Maybe the force was a bit much, apologies. Thank you for sharing though. So if you run this, does it show an email address?
PowerShell1234$azbn = Get-AzureADGroupMember -ObjectId 45e79d49-f4ab-4398-a817-4fac1af21810$azbn | select-object -first 1 | foreach-object {$_.ObjectId} -
May 14, 2020 at 12:04 am #227989
No worries 🙂
No, I get back an object id…
PowerShell12345$azbn | select-object -first 1 | foreach-object {>> $_.ObjectId>> }90ebe360-5f28-4d49-bf97-5cff0383bc33But since the Set-AzureADUserLicense command prompts for an ObjectID, that’s what it wants, no?
Nelson
-
May 14, 2020 at 12:15 am #228001
Based on the docs, you would think so
PowerShell12-ObjectIdSpecifies the ID of a user (as a UPN or ObjectId) in Azure AD.But the examples show
PowerShell1If you run this, does it show an email address?
PowerShell12$user = Get-AzureADUser -SearchString email@emailaddress.com$user.objectidMaybe this will work?
PowerShell123$azbn | foreach-object {Set-AzureADUserLicense -ObjectId $_.UserPrincipalName -AssignedLicenses $LicensestoAssign} -
May 14, 2020 at 12:26 am #228010
Yeah, that worked! I’m not really sure how that did it, but it did. Why did it accept the UPN as opposed to the Object Id?
Thanks a bunch, one big piece of this down! Greatly appreciated.
Nelson
-
May 14, 2020 at 12:30 am #228013
Actually, I see it now in your example. That seems super backwards but ok I guess 🙂
Thank you again!
-
May 14, 2020 at 12:39 am #228019
Glad I could help 🙂
-
-
AuthorPosts
- The topic ‘Help with assigning licenses to AAD users within an AAD group’ is closed to new replies.