Add Users directly to M365 groups in workflow or policies

Hi,

We are currently setting up ARS 7.4.4 and trying to add a user to a M365 group (cloud only, not synced from on-premise) using a workflow or provisioning policy; however, we have been unable to get this to work.

Has anyone been able to achieve this without custom scripts? 

All help is appreciated.

Thanks in advance. 

  • You don't need to use the $context.O365ImportModule for this at all, as you are not actually calling any Azure cmdlets.

    So you can remove that line and change your Get.. thus:

    $azureObjId = (Get-QADObject -proxy -identity $DN -IncludedProperties "edsvaAzureObjectId").edsvaAzureObjectId

    ...your AR server's existing connection to the tenant should get you the object properties

  • Yeah, that is true, but what if I want to use O365 cmdlets? Therefore I understand to use $context.O365ExecuteScriptCmd(Get-AzureADUser), for example.

    Is this wrong?

  • That in itself is correct if you need to pull Azure object properties that are not presented through Active Roles.  

    The thing that's important to understand is that you need to build a list of the commands that you want to execute into a CR/LF delimited list and then pass that to the ScriptCmd call.
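
    Putting the two replies above together (read edsvaAzureObjectId through Active Roles' own tenant connection with Get-QADObject -Proxy, then hand a CR/LF-delimited command list to O365ExecuteScriptCmd), here is an added example of a script-module function. It is not code from this thread or from One Identity; it assumes that $context.O365ImportModule and $context.O365ExecuteScriptCmd behave as the replies describe, that the AR server already holds a configured tenant connection, and that the workflow supplies the target user's DN as $DN. The group object ID is a placeholder, and the membership check before the add is my addition so the activity can be re-run safely.

```powershell
# Added example (not from the thread): Active Roles script-module function that
# adds the target user to a cloud-only Microsoft 365 group.
# Assumptions: $context.O365ImportModule / $context.O365ExecuteScriptCmd exist as
# used in the replies above; the AR server already has a tenant connection;
# $DN is the target user's distinguished name supplied by the workflow.

function AddUserToM365Group {
    param(
        [Parameter(Mandatory)] [string] $DN,
        # Placeholder group object ID; replace with the real one (assumption).
        [string] $GroupObjectId = '00000000-0000-0000-0000-000000000000'
    )

    # 1. Read the cloud object ID through Active Roles itself (no Azure cmdlet needed).
    $raw = (Get-QADObject -Proxy -Identity $DN -IncludedProperties 'edsvaAzureObjectId').edsvaAzureObjectId
    if ([string]::IsNullOrWhiteSpace($raw)) {
        throw "No edsvaAzureObjectId on $DN; is the user present in the tenant?"
    }

    # 2. Both IDs are interpolated into a script string that runs in the O365
    #    context, so insist they are GUIDs. The cast throws on anything else,
    #    which keeps a crafted attribute value from being injected into the script.
    $userObjectId = [guid]$raw
    $groupId      = [guid]$GroupObjectId

    # 3. Build the commands as one CR/LF-delimited string, as the reply describes.
    #    Back-ticked $ signs are left for the remote session to evaluate;
    #    the IDs are substituted now.
    $cmds = @(
        "`$existing = Get-AzureADGroupMember -ObjectId '$groupId' -All `$true | Where-Object { `$_.ObjectId -eq '$userObjectId' }",
        "if (-not `$existing) { Add-AzureADGroupMember -ObjectId '$groupId' -RefObjectId '$userObjectId' }"
    )
    $script = $cmds -join "`r`n"

    # 4. Load the AzureAD module into the O365 execution context and run the
    #    script through it, rather than calling the cmdlets in the local AR session.
    $context.O365ImportModule('AzureAD')
    $context.O365ExecuteScriptCmd($script)
}

# Usage from the workflow's script activity (assumption: $DN is the target user's DN):
# AddUserToM365Group -DN $DN -GroupObjectId '<real group object ID>'
```

    The idempotency check (Get-AzureADGroupMember before Add-AzureADGroupMember) means a re-run of the workflow does not fail on a user who is already a member; the GUID casts are the one check worth keeping even if you drop the rest, because the IDs end up inside a script string that the O365 context executes.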

  • Okay, I'll try to make it more explicit. I want to run the following cmdlets in the deprovision process of Active Roles; perhaps you can help me and clear up the whole situation:

    Connect-IPPSSession

    and afterwards a Set-RetentionCompliancePolicy

    How can I import the different cmdlets needed here?

    Thanks in advance,

    Michael

  • Hi Shawn/Johnny,

    Were you able to get the AzureAD module working? As we cannot write directly to O365, I plan on running a PowerShell script to drop the users in.

    I have created the script below, but when it is executed in a workflow I get the same error as in your screenshot previously...

    function AddUserToPrimaryAADGroups()
    {
        # Load the AzureAD module into the Active Roles O365 execution context.
        $context.O365ImportModule("azuread")

        # Get the user's cloud object ID from the workflow's Saved Object Properties step.
        $userobjectid = $workflow.SavedObjectProperties("UserDetails").get("edsvaAzureObjectId")

        # Static group object ID (real value redacted in the post).
        $groupobjectid = 'objectIDofgroupnotdisplayedforobviousreasons'

        # Add the user to the static group via the O365 execution context.
        $context.O365ExecuteScriptCmd("Add-AzureADGroupMember -ObjectId $groupobjectid -RefObjectId $userobjectid")

        # Disconnect from AzureAD.
        Disconnect-AzureAD -Confirm:$false
    }

    The error I receive is: 

    Activity type: ActiveRoles.Workflow.Activities.PowerShellActivity
    Script Module: O365ServicesScriptExecution - Configuration
    Details:
    At line: 36 char:2. Exception calling "O365ServicesConfigure" with "0" argument(s): "The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters. "