Hello ARSS Community. We use Active Roles Synchronization Service.
I believe my question is related to Handlers, Step, or Connection.
I am trying to determine if ARSS can run separate powershelll commands as part of step, but the commands are not related to syncing attributes. and rather to process a command against the target users.
Here is the overview.
We currently Sync users from AD to Azure AD and M365 using the connectors. When new users are created by a provision workflow step, I then need to run afterwards, a completely separate few lines of Azure AD powershell against each created user. I am not sure if this can be done by trying to use the $destObj and if so, where to place this code to run it. Any advice or links to samples or information would be great if you have any ideas.
I was trying to find more examples on Step Handlers as a post step. I was also not sure if each of the 3 lines of pshell below need to be a separate step in the step handler, or just 1 step with all the code together. I guess I'm just trying to sort out what, where,. how.
Here is the detail:
Users source from Active Directory
1. Run a workflow step that provisions new users in the destination (Azure AD)
Each user has a unique 8 character ID that we place to the left of the @ sign on the UPN
Each users email address is included when the user is created.
I was thinking that variable to get the UPN and Mail by $destObj but not sure how or where to try it.
2. Once the Azure AD user is created, I need to run this code. However, I am not sure how or where to try and run it within ARSS steps, handlers, etc.
Example of 1 user: firstname.lastname@example.org
#STEP 1: Set Variable to collect the existing Azure AD user.
$ADGraphUser = Get-AzureADUser -objectID email@example.com
#STEP 2: Set Variable for msgraph
$msGraphUser = New-Object Microsoft.Open.MSGraph.Model.User -ArgumentList $ADGraphUser.ObjectId
#STEP 3: convert member to external member
New-AzureADMSInvitation -InvitedUserEmailAddress Danny.Ocean11@example.com -SendInvitationMessage $False -InviteRedirectUrl http://myapps.microsoft.com -InvitedUser $msGraphUser
Any thoughts or advice would be much appreciated. Thank you for your time.