Assign Group to users massively

Fiammenghi Fabrizio 46 Reputation points
2020-04-18T13:33:36.43+00:00

Hi,
I'm writing on behalf of a friend who, due to coronavirus, has been "elected" as one of the administrators of Microsoft for school plan A1.
Unfortunately he has been involved once the users had already been created on the tenant.
They have more than 600 users divided into teachers, students and external collaborators.
Unfortunately the company who created the users did not create any AD group to divide them, but they:

  1. follow this rule when creating account :
    ******@schoolname.com where
    xxx is "d" if the user is a teacher
    xxx is "s" if the user is a student
    xxx is "ose" if the user is an external collaborator
  2. The "title" (or role) field contains "Teacher", "Student", "Collaborator" based on the user

He would like to create 3 different AD groups, "Teacher", "Student" and "Collaborator", but in the user management he cannot find a way to filter the users based on the xxx@schoolname criteria, or sort/filter based on title or role (that is an available display column), so he can select part of the users and massively assign a group.

He has to select them one by one, and unfortunately the users are sorted by name, so it is a big mess.

Is there a way to apply the filter or sorting based on part of the account name or title?
Is there a way to do it with PowerShell?

thanks in advance

Fabrizio

Microsoft Entra

Accepted answer
  1. thgibard-MSFT 356 Reputation points
    2020-04-19T11:47:05.583+00:00

    Yes, currently if you want to do it in a large range you will need to do it thanks to PowerShell.

    In this scenario, you can use the PowerShell module called AzureAD and use the following cmdlets to be able to add members to your Azure AD group: https://learn.microsoft.com/fr-fr/azure/active-directory/users-groups-roles/groups-settings-v2-cmdlets. The AzureAD module can be installed easily by typing the command Install-Module AzureAD from any server that is able to reach the Internet. Then, you can see all the available commands by running Get-Command -Module AzureAD, and the cmdlet that will be useful for you will be Add-AzureADGroupMember. Are you comfortable with PowerShell?

    1 person found this answer helpful.

9 additional answers

  1. Fiammenghi Fabrizio 46 Reputation points
    2020-04-19T15:17:13.877+00:00

    Hi.
    Thgibard, tks for your reply.
    This should be what I was looking for.
    I've never played with PowerShell, but I can give it a try.

    Maybe i can try to post here what for me could be the command, or if you have already a solution i can try it

    B.regards
    and tks again for your support

    Fabrizio


  2. Fiammenghi Fabrizio 46 Reputation points
    2020-04-19T18:04:27.547+00:00

    Hi,
    me again .. I managed to find the two commands I need:

    Get-AzureADUser -Filter "JobTitle eq 'Docente'"

    to retrieve all the object IDs of the users and then
    use the
    Add-AzureADGroupMember -ObjectId "xxxxx" -RefObjectId "yyyy"

    is there a way to use directly the result of command1 in command 2 ?
    Should i use a script ?

    Thanks in advance
    FAbrizio


  3. thgibard-MSFT 356 Reputation points
    2020-04-19T19:36:11.513+00:00

    Hello @Fiammenghi Fabrizio

    The problem is - it's quite complicated to help you if I can't see/understand the exact configuration that you have in your Tenant (name of the groups concerned, users that you want to add, etc.). And you cannot obviously display all these details in a public forum.

    However, I've done a small example on my personal environment and here are more details that you can use:

    1) You will do that in PowerShell. The module AzureAD must be installed. You can do that on your personal Laptop/Desktop or on a server : no constraint on that. So, install the module with the following command and accept by clicking Yes when prompted : Install-Module AzureAD.

    2) Then, you will need to connect in PowerShell to your O365/Azure AD environment. To do so, you will use the following command : Connect-AzureAD. When you will press Enter, you will be prompted to authenticate yourself to your O365 Tenant.

    3) After, you can try a few commands : Get-AzureADUser will give you in PowerShell the list of your users. Get-AzureADGroup will give you the list of your groups.

    4) To be able to add members to a specific Azure AD Group, you will need to use the following command : Add-AzureADGroupMember -ObjectId ccb09ffc-10aa-41be-a5b3-19aaf34f8c1d -RefObjectId 9642cb71-fa91-437d-aba1-1306b8b0b7de

    The first parameter ObjectId is the unique identifier for your Azure AD group. The second parameter RefObjectId is the unique ID for the USER that you want to be a member of this group.

    Finally, this unique command will obviously add 1 guy to 1 group. In your scenario, you want to do a massive add, so there will certainly be a ForEach loop somewhere, and if you want to take into account the extension XXX that you have in your emails (for teachers, students, etc.), you will probably need a few IF statements.

    But without seeing everything, I can't go deeply in details.
    thgibard.


  4. Fiammenghi Fabrizio 46 Reputation points
    2020-04-19T19:44:04.347+00:00

    Hi,
    this is exactly what I tried to do .. but I think the problem now is a question of syntax

    Get-AzureADUser -Filter "JobTitle eq 'Docente'" correctly lists the "Teacher"
    so filtering users is no longer a problem

    I tried the foreach filtering only 1 user, asked to show only the column objectid
    and then pass it to add-azureadgroupmember

    (Get-AzureADuser -filter "UserPrincipalName eq 'stefano.d@keyman .it'" | select objectid) | foreach { add-azureadgroupmember -objectid "8a79f56b-7e47-4f91-bb6e-b891989461ce" -refobjectid $_ }

    but the problem is I receive the following error:

    add-azureadgroupmember : Error occurred while executing AddGroupMember
    Code: Request_BadRequest
    Message: Invalid object identifier '@{ObjectId=a05d9d51-217b-480d-b1b5-12d27ece1e78}'.
    RequestId: d3d226be-ddf5-4847-ac9c-f55209750729
    DateTimeStamp: Sun, 19 Apr 2020 18:27:25 GMT

    how to pass correct objectid ?

    tks in advance
    FAbrizio

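The error in the post above comes from `select objectid`, which yields an object with an ObjectId property rather than the GUID string; passing `$_.ObjectId` (or using `Select-Object -ExpandProperty ObjectId`) gives `-RefObjectId` the bare identifier. The script below is an added example, not part of the thread: it applies that fix to the whole bulk assignment, with a dry-run switch so the membership changes can be reviewed before they are made. The group names are taken from the question; the two title placeholders and the `$DryRun` variable are assumptions to replace with the tenant's own values.

```powershell
# Added example, not code from the thread. Requires the AzureAD module and a prior Connect-AzureAD.
# 'Docente' is the title value shown in the thread; the other two keys are placeholders.
$TitleToGroup = @{
    'Docente'                    = 'Teacher'
    'STUDENT_TITLE_PLACEHOLDER'  = 'Student'
    'COLLAB_TITLE_PLACEHOLDER'   = 'Collaborator'
}
$DryRun = $true   # set to $false once the printed plan has been reviewed

foreach ($title in $TitleToGroup.Keys) {
    $groupName = $TitleToGroup[$title]
    # Double any single quote so the value cannot break out of the OData filter string.
    $groupFilter = "DisplayName eq '{0}'" -f ($groupName -replace "'", "''")
    $userFilter  = "JobTitle eq '{0}'"    -f ($title -replace "'", "''")

    # Resolve exactly one group; skip rather than guess if the name is missing or ambiguous.
    $group = @(Get-AzureADGroup -Filter $groupFilter)
    if ($group.Count -ne 1) {
        Write-Warning "Expected one group named '$groupName', found $($group.Count); skipping."
        continue
    }
    $groupId = $group[0].ObjectId

    # Current members, so re-running the script does not fail on users already in the group.
    $existing = @(Get-AzureADGroupMember -ObjectId $groupId -All $true |
        Select-Object -ExpandProperty ObjectId)

    # -All $true pages through every match instead of stopping at the default page size.
    $users = Get-AzureADUser -All $true -Filter $userFilter

    foreach ($user in $users) {
        # $user.ObjectId is the bare GUID string that -RefObjectId expects.
        if ($existing -contains $user.ObjectId) { continue }

        if ($DryRun) {
            Write-Output "WOULD ADD $($user.UserPrincipalName) -> $groupName"
            continue
        }
        try {
            Add-AzureADGroupMember -ObjectId $groupId -RefObjectId $user.ObjectId -ErrorAction Stop
            Write-Output "ADDED $($user.UserPrincipalName) -> $groupName"
        } catch {
            Write-Warning "FAILED $($user.UserPrincipalName): $($_.Exception.Message)"
        }
    }
}
```

Redirecting the output to a file keeps a record of which accounts were added to which group.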
