MSOL Admin Function

Welcome Forums General PowerShell Q&A MSOL Admin Function

This topic contains 1 reply, has 2 voices, and was last updated by

 
Participant
3 months, 3 weeks ago.

  • Author
    Posts
  • #103283

    Participant
    Points: 0
    Rank: Member

    For anyone with extra time:

    How should I go about error handling/prevention for the User already being a member of the target groups?

    function set-365admin {
    
      [CmdletBinding()]
      param
      (
        [Parameter(Mandatory=$false,
        HelpMessage='Do you want to use Default Settings, if you do not specify its set to true?')]
          [bool] $default = $true,
          [Parameter(Mandatory=$false,
        HelpMessage='Do you want to use Default Settings, if you do not specify its set to true?')]
          [string] $user = (read-host "Type a user display name like 'Sue Somebody'"),
        [Parameter(Mandatory=$True,
        HelpMessage="This will open the Technet Article describing all available roles, set to false by default use '-web:`$`true' to trigger page")]
          [bool] $web = $false,
        [Parameter(Mandatory=$false,
        HelpMessage="Adds read access on all O365 Users and adds Admin access to EAC")]
          [string] $roleName="Exchange Service Administrator",
          [Parameter(Mandatory=$false,
        HelpMessage="Adds Support Link to Create Service Tickets Direct with MS or Dell as Applicable")]
          [string] $roleName2="Service Support Administrator",
          [Parameter()]
              $oldverbose = $VerbosePreference,
           [Parameter()]
              $VerbosePreference = "continue",
          [Parameter(Mandatory=$false,
          HelpMessage="Use this to reviwe the available admin roles, pipe it out to gridview or just call it")]
          $roles = (Get-MsolRole | ? {$_.Name -like '*administrator*'} | Select *)
    
      )
      process {
      $oldverbose = $VerbosePreference
      $VerbosePreference = "continue"
      Write-Verbose "Verbose Set Proceeding"
      start-sleep -Seconds 2
      IF ($web) 
      {start https://docs.microsoft.com/en-us/azure/active-directory/active-directory-assign-admin-roles-azure-portal}
      elseif ($default) {
      write-verbose "Detected Default Config - $default Use CTRL + C to QUIT or Hit Enter to Proceed"
    
      pause
    Add-MsolRoleMember -RoleMemberEmailAddress (Get-MsolUser | Where DisplayName -eq $dispName).UserPrincipalName -RoleName $roleName
        write-verbose "Added Exchange Admin proceeding with Service Support Admin"
    Add-MsolRoleMember -RoleMemberEmailAddress (Get-MsolUser | Where DisplayName -eq $dispName).UserPrincipalName -RoleName $roleName2
    
        Write-Verbose "$user is currently member of the following"
    Get-MsolUserRole -UserPrincipalName ((Get-MsolUser | ? {$_.DisplayName -like $user}).UserPrincipalName)
    
        Write-Verbose "Script is completed, resetting verbose and exiting"
        $VerbosePreference = $oldverbose
        
        Break
      }
      else {
      $oldverbose = $VerbosePreference
      $VerbosePreference = "continue"
      write-verbose "This function is designed to address default adjustments only, please modify user membership manually"
      start-sleep -Seconds 2
      Write-verbose "Triggering the How to Page"
      start https://docs.microsoft.com/en-us/powershell/module/msonline/add-msolrolemember?view=azureadps-1.0
    
      Write-Verbose "Script is completed, resetting verbose and exiting"
        $VerbosePreference = $oldverbose
        Break
      }
      #End Process
      }
      #End Function
      }
    
    
  • #103292

    Participant
    Points: 15
    Rank: Member

    I don't see where you are trying to look at groups or compare against group list.
    Use the MSOL cmdlets to get a list of the users in a given group and use if/then or try catch.
    Use the current user and the MSOL cmdlets to check membership, and use the same logic as in the above.

    Get-Msol​Group
    Gets groups from Azure Active Directory.
    'docs.microsoft.com/en-us/powershell/module/msonline/get-msolgroup?view=azureadps-1.0'

    Get-Msol​Group​Member
    Retrieves members of the specified group.
    'docs.microsoft.com/en-us/powershell/module/msonline/get-msolgroupmember?view=azureadps-1.0'

The topic ‘MSOL Admin Function’ is closed to new replies.