Help with assigning licenses to AAD users within an AAD group

Welcome Forums General PowerShell Q&A Help with assigning licenses to AAD users within an AAD group

Viewing 10 reply threads
  • Author
    Posts
    • #227968
      Participant
      Topics: 9
      Replies: 21
      Points: 140
      Rank: Participant

      Hi everyone,

      This will be part of a larger thing I scale out but for now, trying to get the following to work. I have an Azure AD group…….

      $azbn = Get-AzureADGroupMember -ObjectId 45e79d49-f4ab-4398-a817-4fac1af21810
      I want to assign licenses to each of the members in this group. I have done the following and this works when I do it with an individual Azure AD user. Specifically the EMS license.
      $E3License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
      $EMSLicense = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
      $E3License.SkuId = “6fd2c87f-b296-42f0-b197-1e91e994b900”
      $EMSLicense.SkuId = “efccb6f7-5641-4e0e-bd10-b4976e1bf68e”
      $LicensestoAssign = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
      $LicensestoAssign.AddLicenses = $EMSLicense
      #Assign License to user
      Set-AzureADUserLicense -ObjectId $User.ObjectId -AssignedLicenses $LicensestoAssign

      When I try to do this for the group members, I get this…..

      PS C:\Users\nelso\OneDrive\Powershell> $azbn | ForEach-Object {Set-AzureADUserLicense -ObjectId $azbn.ObjectId -AssignedLicenses $LicensestoAssign}

      Set-AzureADUserLicense : Cannot bind argument to parameter ‘ObjectId’ because it is null.
      At line:1 char:58
      + … rEach-Object {Set-AzureADUserLicense -ObjectId $azbn.ObjectId -Assig …
      + ~~~~~~~~~~~~~~
      + CategoryInfo : InvalidData: (:) [Set-AzureADUserLicense], ParameterBindingValidationException
      + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.Open.AzureAD16.PowerShell.SetUserLicenses

      Anyone who can assist with a way to make this work, I’d greatly appreciate it.

      Thanks in advance.

      Nelson

    • #227971
      Participant
      Topics: 9
      Replies: 707
      Points: 2,842
      Helping Hand
      Rank: Community Hero

      Well first, I don’t see where you populated your $user variable. Second, when you use foreach-object,the automatic variable is $_, $azbn is assumed to be a collection of users. Seems you just need to adjust your foreach loop.

      Or

    • #227974
      Participant
      Topics: 9
      Replies: 21
      Points: 140
      Rank: Participant

      Thanks for the reply. Yeah, I left out the user variable since I know that worked.

      Just tried both of your changes and I get the same error about -ObjectId being null. I had tried the first way before but same. Frustrating thing is it’s not null based on doing this….

      PS C:\Users\nelso\OneDrive\Powershell> Get-AzureADGroupMember -ObjectId 45e79d49-f4ab-4398-a817-4fac1af21810 | Select ObjectId

      ObjectId
      ——–
      90ebe360-5f28-4d49-bf97-5cff0383bc33
      c767a7d6-d989-461d-91f7-23d8102bc30d
      1ba3132f-1263-4adc-a1b0-5c40a9af84bb
      f0f3bd33-35da-458c-8346-28e789c7696a
      ccc44d6b-6bd4-42cf-947f-e04f0d0cffed
      b35d45ba-e330-40d3-aca3-c1fb7744062e
      b723ebf0-3f03-4f7e-99a9-dfa717336d1e
      fd3405c8-4349-476a-a4e6-4973301f2ed5
      d5e1ed38-3fa5-49c4-abaa-dfcb59b20776
      d44d6dc5-2ede-41a0-95ed-6c23ca75fee3
      327d1cd8-ae0d-411c-86ac-5fb04259d85f
      c33ecbf6-5c18-49f2-85b4-236aad4a79b2
      c4a383ab-3a26-4a80-8d64-9746f19574d8
      6ff0d189-bedd-4b5d-871a-e83c3246b9a7
      1bf9ac5a-337d-4400-9323-f686ea6b0491
      7cfc14b2-5b0b-4435-a72e-30904335740b
      9824721c-4b2e-4ac5-acdd-aaead2fe7d27
      b5eeac7b-0214-4458-90e6-bd89b894ebad
      703c7699-9ad2-4d34-a765-3f2b0888edda

       

      Anyhow, here’s the error.

      PS C:\Users\nelso\OneDrive\Powershell> foreach($user in $azbn){
      >> Set-AzureADUserLicense -ObjectId $user.ObjectId -AssignedLicenses $LicensestoAssign
      >> }

      Set-AzureADUserLicense : Cannot bind argument to parameter ‘ObjectId’ because it is null.
      At line:2 char:38
      + Set-AzureADUserLicense -ObjectId $user.ObjectId -AssignedLicenses …
      + ~~~~~~~~~~~~~~
      + CategoryInfo : InvalidData: (:) [Set-AzureADUserLicense], ParameterBindingValidationException
      + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.Open.AzureAD16.PowerShell.SetUserLicenses

       

      Thanks.

    • #227977
      Participant
      Topics: 9
      Replies: 707
      Points: 2,842
      Helping Hand
      Rank: Community Hero

      Hi Nelson,
      Type this and post the output please.

      Also, show your $user assignment.

    • #227980
      Participant
      Topics: 9
      Replies: 21
      Points: 140
      Rank: Participant

      Here you go. Thank you!

      $azbn = Get-AzureADGroupMember -ObjectId 45e79d49-f4ab-4398-a817-4fac1af21810

      $azbn | gm -Force

      $user = Get-AzureADUser -SearchString [email protected]
    • #227986
      Participant
      Topics: 9
      Replies: 707
      Points: 2,842
      Helping Hand
      Rank: Community Hero

      Maybe the force was a bit much, apologies. Thank you for sharing though. So if you run this, does it show an email address?

    • #227989
      Participant
      Topics: 9
      Replies: 21
      Points: 140
      Rank: Participant

      No worries 🙂

      No, I get back an object id…

      But since the Set-AzureADUserLicense command prompts for an ObjectID, that’s what it wants, no?

      Nelson

    • #228001
      Participant
      Topics: 9
      Replies: 707
      Points: 2,842
      Helping Hand
      Rank: Community Hero

      Based on the docs, you would think so

      But the examples show

      If you run this, does it show an email address?

      Maybe this will work?

    • #228010
      Participant
      Topics: 9
      Replies: 21
      Points: 140
      Rank: Participant

      Yeah, that worked! I’m not really sure how that did it, but it did. Why did it accept the UPN as opposed to the Object Id?

      Thanks a bunch, one big piece of this down! Greatly appreciated.

      Nelson

    • #228013
      Participant
      Topics: 9
      Replies: 21
      Points: 140
      Rank: Participant

      Actually, I see it now in your example. That seems super backwards but ok I guess 🙂

      Thank you again!

    • #228019
      Participant
      Topics: 9
      Replies: 707
      Points: 2,842
      Helping Hand
      Rank: Community Hero

      Glad I could help 🙂

Viewing 10 reply threads
  • The topic ‘Help with assigning licenses to AAD users within an AAD group’ is closed to new replies.