Thursday, August 23, 2012

Using PowerShell to manage Office 365 security groups


To display a list of groups available in Office 365 


In PowerShell type - Get-MSOLGroup 

This will display a list of groups and the group type i.e. Security or Distribution 


Add individual users to a security group 


$studentsGroup = Get-MsolGroup | where-object { $_.DisplayName -eq "students-security"} 
$user = Get-MsolUser | where-object { $_.DisplayName -eq "Jane Mcburney" } 
Add-MsolGroupMember -GroupObjectId $studentsGroup.ObjectId -GroupMemberObjectId $user.ObjectId -GroupMemberType "User" 


Add CSV user list to a security group 


  1. Export a list of UPN names using PowerShell to csv. 
Get-MSOLUser | Select UserPrincipalName|Export-Csv c:\tools\user.csv 
  1. Edit the user.csv so that it contains only accounts you want to add to the security group. 
  2. Import the users.csv containing the UPN and export a new csv user2.csv with the users objectId. 
$sub = Import-Csv C:\tools\users.csv 
$sub | Foreach {Get-Msoluser -UserPrincipalName $_.Userprincipalname | select Objectid } | Export-csv C:\tools\Users2.csv 
  1. Display  the security group objectid 
Get-MSOLGroup 
  1. Copy the 32 digit objectid code of the security group you want to add users to. 
  2. Modify the following script to add the copied security group objectid. The following script will import the users2.csv containing the users objectid and add to the security group. 
$sub2 = Import-Csv C:\tools\users2.csv 
$sub2 | Foreach {Add-MsolGroupMember -groupObjectid ‘xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx’ -GroupMemberObjectId $_.ObjectId -GroupMemberType User} 


List members of a security group 


  1. Display  the security group objectid 
Get-MSOLGroup 
  1. Copy the 32 digit objectid code of the security group you want to check members. 
  2. Modify the following script to add the copied security group objectid. The following script will export members of a security group members to csv. 
Get-MsolGroupMember -groupObjectid 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' | Select DisplayName,EmailAddress,GroupMemberType | Export-csv C:\tools\security-group-members.csv 


1 comment:

Snark said...

This was truly helpful. Thanks. Powershell commands are generally documented in a very abstruse way and this helped me not only with a specific task but helped me understand the structure and possibilities generally.