Ejemplo de script de PowerShell: Crear grupos de seguridad para profesores y alumnos de su centro educativo
Use este script de PowerShell para crear los grupos de seguridad que necesita para administrar las directivas de Microsoft Teams en su centro educativo. La asignación de directivas a grupos de Teams le permite asignar una directiva a un grupo de usuarios, como un grupo de seguridad. La asignación de directiva se extiende a los miembros del grupo en función de las reglas de prioridad. A medida que se agregan o se eliminan miembros de un grupo, sus asignaciones de directivas heredadas se actualizan correspondientemente.
Este script de PowerShell crea dos grupos de seguridad, uno para el personal y profesores y otro para los alumnos del centro educativo, según el tipo de licencia. Después, puede asignar directivas a los grupos de seguridad que ha creado. Para obtener más información sobre el uso de este script, vea Asignar directivas a grandes conjuntos de usuarios de su centro educativo.
Este script hace lo siguiente:
- Identifica al personal y a los formadores a los que se les asigna una SKU para profesores, crea un grupo de seguridad y, a continuación, agrega personal y formadores al grupo.
- Identifica a los alumnos a los que se les ha asignado una SKU de estudiante, crea un grupo de seguridad y, a continuación, agrega los alumnos al grupo.
- Novedades la pertenencia a cada grupo de seguridad para agregar o quitar docentes, profesores y alumnos en función de si tienen una licencia.
Tendrá que ejecutar este script periódicamente para mantener actualizados los grupos de seguridad.
Importante
Es importante comprender las reglas de prioridad y la clasificación de asignaciones de grupo al asignar directivas a grupos. Asegúrese de leer y comprender los conceptos de Lo que debe saber sobre la asignación de directivas a grupos.
Antes de empezar
Descargue e instale el módulo Skype Empresarial PowerShell en línea y, a continuación, reinicie el equipo si se le solicita.
Nota
El 30 de marzo de 2024 está previsto que Azure AD Powershell quede en desuso. Para obtener más información, lea la actualización del desuso.
Recomendamos migrar a Microsoft Graph PowerShell para interactuar con Microsoft Entra ID (anteriormente Azure AD). Microsoft Graph PowerShell permite el acceso a todas las API de Microsoft Graph y está disponible en PowerShell 7. Para obtener respuestas a las consultas de migración comunes, consulte las Preguntas más frecuentes sobre la migración.
Para obtener más información, consulte Administrar Skype Empresarial Online con Office 365 Introducción a PowerShell y Teams.
Ejemplo de script
<#
Script Name:
CreateOrUpdate_SecurityGroup_Per_LicenseType.ps1
Synopsis:
This script is designed to perform following operations:
1. Create a security group for faculty and student members based on the assigned license SKU and add the members accordingly.
2. Update the security group to add/remove teachers and students so that only users who have a valid teacher/student license are present in the group.
The output of the script is written in a log file present at location: C:\results\log.txt
Written By:
Mihir Roy
Change Log:
Version 1.0, 10/08/2019 - First Draft
#>
#Figure out to determine if the user is using an existing group or creating a new one
param
(
[string]$teachergroupname,
[string]$teachergroupdesc,
[string]$studentgroupname,
[string]$studentgroupdesc,
[Guid]$facultyid,
[Guid]$studentid
)
[bool] $create = $false
if ([string]::IsNullOrEmpty($teachergroupname) -and [string]::IsNullOrEmpty($studentgroupname) -and [string]::IsNullOrEmpty($studentid) -and [string]::IsNullOrEmpty($facultyid)) {
throw "Please enter valid groupnames to create groups for Teachers and Students. In order to update a group, please enter the teacher and/or student group id's."
}
#Connect to Azure AD
Write-Host "`n"
Write-Host -ForegroundColor Green "Please enter your Global Administrator Username and Password"
Write-Host "`n"
Connect-MsolService
[Guid] $teachergroupid = New-Guid
[Guid] $studentgroupid = New-Guid
if (![string]::IsNullOrEmpty($teachergroupname)) {
New-MsolGroup -DisplayName $teachergroupname -Description $teachergroupdesc
$Group = Get-MsolGroup -SearchString $teachergroupname
$teachergroupid = $Group.ObjectId
$create = $true
}
if (![string]::IsNullOrEmpty($studentgroupname)) {
New-MsolGroup -DisplayName $studentgroupname -Description $studentgroupdesc
$Group = Get-MsolGroup -SearchString $studentgroupname
$studentgroupid = $Group.ObjectId
$create = $true
}
#Build the Students Array
$StudentsArray = @()
#Build the Teachers Array
$TeachersArray = @()
#Build the Student Sku Array
$StudentSkus = @()
$AllSkus = Get-AzureADSubscribedSku
$StudentSkuIDs = ($AllSkus | ? {$_.skupartnumber -like "*student*"}).skuid
Write-Host -ForegroundColor Green "The Student Skus identified are listed below:"
Foreach ($Element in $StudentSkuIDs) {
$SkuPart = (Get-AzureADSubscribedSku | ? {$_.SkuID -eq $Element}).SkuPartNumber
Write-Host -ForegroundColor Green "Student SkuID ${Element} for License $SkuPart"
}
Write-Host "`n"
#Build the Teacher Sku Array
$TeacherSkus = @()
$AllSkus = Get-AzureADSubscribedSku
$TeacherSkuIDs = ($AllSkus | ? {$_.skupartnumber -like "*faculty*"}).skuid
Write-Host -ForegroundColor Green "The Teacher Skus identified are listed below:"
Foreach ($Element in $TeacherSkuIDs) {
$SkuPart = (Get-AzureADSubscribedSku | ? {$_.SkuID -eq $Element}).SkuPartNumber
Write-Host -ForegroundColor Green "Teacher SkuID ${Element} for License $SkuPart"
}
Write-Host "`n"
#Get All Users in AAD
Write-Host -ForegroundColor Green "Getting All Users in Azure Active Directory with an assigned license"
Write-Host "`n"
$AllUsers = Get-AzureADUser -All $true | ? {$_.AssignedLicenses -ne $null}
$teacherAdd = $create -and ($teachergroupid -ne $null)
$studentAdd = $create -and ($studentgroupid -ne $null)
#Start foreach loop for all users with student licenses
if ($teacherAdd -or $studentAdd) {
Foreach ($User in $AllUsers) {
$ObjectID = $User.ObjectID
Write-host "`n"
Write-Host -ForegroundColor Green "Getting Assigned Licenses for $DN"
$GetUser = Get-AzureADUser -objectid $user.objectid
$AssignedLicenses = ($GetUser | select -ExpandProperty assignedlicenses).skuid
Write-Host -ForegroundColor Green "User Assigned License: " $User.Displayname "-" $AssignedLicenses "-" $User.ObjectId
#Set Variables
$UPN = $User.userprincipalname
$DN = $User.Displayname
$OBJ = $User.ObjectID
$Age = $User.AgeGroup
$Consent = $User.ConsentProvidedForMinor
$Legal = $User.LegalAgeGroupClassification
#Start foreach loop for all assigned skus
Foreach ($License in $AssignedLicenses) {
#Creating new PS Object for each Sku and adding to the array
If ($TeacherSkuIDs -contains $License) {
$TeacherObj = New-Object PSObject
$TeacherObj | Add-Member NoteProperty -Name UserPrincipalName -Value $UPN
$TeacherObj | Add-Member NoteProperty -Name DisplayName -Value $DN
$TeacherObj | Add-Member NoteProperty -Name ObjectID -Value $OBJ
$TeacherObj | Add-Member NoteProperty -Name SkuID -Value $License
$TeacherObj | Add-Member NoteProperty -Name AgeGroup -Value $Age
$TeacherObj | Add-Member NoteProperty -Name ConsentProvidedForMinor -Value $Consent
$TeacherObj | Add-Member NoteProperty -Name LegalAgeGroupClassification -Value $Legal
$TeachersArray += $TeacherObj
if ($teachergroupid -ne $null) {
Add-MsolGroupMember -GroupObjectId $teachergroupid -GroupMemberType User -GroupMemberObjectId $OBJ
}
}
If ($StudentSkuIDs -contains $License) {
$StudentObj = New-Object PSObject
$StudentObj | Add-Member NoteProperty -Name UserPrincipalName -Value $UPN
$StudentObj | Add-Member NoteProperty -Name DisplayName -Value $DN
$StudentObj | Add-Member NoteProperty -Name ObjectID -Value $OBJ
$StudentObj | Add-Member NoteProperty -Name SkuID -Value $License
$StudentObj | Add-Member NoteProperty -Name AgeGroup -Value $Age
$StudentObj | Add-Member NoteProperty -Name ConsentProvidedForMinor -Value $Consent
$StudentObj | Add-Member NoteProperty -Name LegalAgeGroupClassification -Value $Legal
$StudentsArray += $StudentObj
if ($studentgroupid -ne $null) {
Add-MsolGroupMember -GroupObjectId $studentgroupid -GroupMemberType User -GroupMemberObjectId $OBJ
}
}
}
}
}
if ((!$teacherAdd) -and ($facultyid -ne $null)) {
#Users to be Added in the Teacher Group that are not present
$teacherGrpMembers = Get-MsolGroupMember -GroupObjectId $facultyid
$teachersToAdd = ($AllUsers | ? {$_.ObjectId -ne $null}).objectid | Where {($teacherGrpMembers | ? {$_.ObjectId -ne $null}).objectid -NotContains $_}
Foreach ($id in $teachersToAdd) {
$GetUser = Get-AzureADUser -objectid $id
$AssignedLicenses = ($GetUser | select -ExpandProperty assignedlicenses).skuid
Foreach ($License in $AssignedLicenses) {
#Adding faculty members to the security group
If ($TeacherSkuIDs -contains $License) {
Add-MsolGroupMember -GroupObjectId $facultyid -GroupMemberType User -GroupMemberObjectId $id
}
}
}
#Users (Faculty) to be removed from the group that are not in tenant anymore
$teachersToRemove = ($teacherGrpMembers | ? {$_.ObjectId -ne $null}).objectid | Where {($AllUsers | ? {$_.ObjectId -ne $null}).objectid -NotContains $_}
if ($teachersToRemove.Count > 0) {
Foreach ($id in $teachersToRemove) {
Remove-MsoLGroupMember -GroupObjectId $facultyid -GroupMemberType User -GroupmemberObjectId $id
}
}
}
if ((!$studentAdd) -and ($studentid -ne $null)) {
#Users to be Added in the Student Group that are not present
$studentGrpMembers = Get-MsolGroupMember -GroupObjectId $studentid
$studentsToAdd = ($AllUsers | ? {$_.ObjectId -ne $null}).objectid | Where {($studentGrpMembers | ? {$_.ObjectId -ne $null}).objectid -NotContains $_}
Foreach ($id in $studentsToAdd) {
$GetUser = Get-AzureADUser -objectid $id
$AssignedLicenses = ($GetUser | select -ExpandProperty assignedlicenses).skuid
Foreach ($License in $AssignedLicenses) {
#Adding student members to the security group
If ($StudentSkuIDs -contains $License) {
Add-MsolGroupMember -GroupObjectId $studentid -GroupMemberType User -GroupMemberObjectId $id
}
}
}
#Users (Students) to be removed the group that are not in tenant anymore
$studentsToRemove = ($studentGrpMembers | ? {$_.ObjectId -ne $null}).objectid | Where {($AllUsers | ? {$_.ObjectId -ne $null}).objectid -NotContains $_}
if ($studentsToRemove.Count > 0) {
Foreach ($id in $studentsToRemove) {
Remove-MsolGroupMember -GroupObjectId $studentid -GroupMemberType User -GroupmemberObjectId $id
}
}
}
Start-Transcript -Path "C:\results\log.txt"
if ($facultyid -ne $null) {
$TeacherGroup = Get-MsolGroupMember -GroupObjectId $facultyid
Write-Host -ForegroundColor Green "Teacher Group Count:" $TeacherGroup.Count
Write-Host -ForegroundColor Green "Teacher Group Id:" $facultyid
}
else {
$TeacherGroup = Get-MsolGroupMember -GroupObjectId $teachergroupid
Write-Host -ForegroundColor Green "Teacher Group Count:" $TeacherGroup.Count
Write-Host -ForegroundColor Green "Teacher Group Id:" $teachergroupid
}
if ($studentid -ne $null) {
$StudentGroup = Get-MsolGroupMember -GroupObjectId $studentid
Write-Host -ForegroundColor Green "Student Group Count:" $StudentGroup.Count
Write-Host -ForegroundColor Green "Student Group Id:" $studentid
}
else {
$StudentGroup = Get-MsolGroupMember -GroupObjectId $studentgroupid
Write-Host -ForegroundColor Green "Student Group Count:" $StudentGroup.Count
Write-Host -ForegroundColor Green "Student Group Id:" $studentgroupid
}
Stop-Transcript