This one has been racking my brain. Basically, my company has a parent company and we need to connect to their Azure AD. They gave us a service account, and I created a script that goes through a CSV and invites the whole company, but I'm trying to create a script I can schedule that invites only the users who haven't been invited yet, just by browsing through our own Azure AD.
Here is what I have so far; it seems to work fine except for the last and most important step (which seems to be inviting the users who haven't been invited yet).
I'd also like to be able to remove users from the parent company's Azure AD when they are disabled in our Azure AD. I don't even know where to begin with that.
# Import Modules
Import-Module MSOnline
Import-Module AzureAD
# Authentication details for your AzureAD
$365Username = "email"
$365Password = "password"
$365pass = ConvertTo-SecureString -AsPlainText $365Password -Force
$365creds = New-Object System.Management.Automation.PSCredential -ArgumentList $365Username,$365pass
Connect-MsolService -Credential $365creds
# Authentication details of Service Account
$Username = "service account email"
$Password = "service account password"
$pass = ConvertTo-SecureString -AsPlainText $Password -Force
$creds = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$pass
Connect-AzureAD -Credential $creds -TenantId "tenantID"
# Get your users and email addresses
$Users = Get-MsolGroupMember -All -GroupObjectId groupID -MemberObjectTypes User
$emails = $Users.EmailAddress
# Find all users already invited
# (a guest object gets a UPN of the form user_domain.com#EXT#@tenant.onmicrosoft.com)
$adazure_user = foreach($email in $emails)
{
    Get-AzureADUser -ErrorAction SilentlyContinue -ObjectId "$($email -replace "@", "_")#EXT#@tenant.onmicrosoft.com"
}
# Invite users who haven't been invited yet
foreach ($email in $emails)
{
    # If the user exists, do nothing
    # (note: $adazure_user holds the whole list of users found above, not the result for this $email)
    if($adazure_user){}
    # Else if they don't exist, send the invite
    else
    {
        New-AzureADMSInvitation -InvitedUserEmailAddress $email -InviteRedirectUrl https://myapps.microsoft.com -SendInvitationMessage $false
        Set-AzureADUser -ObjectId "$($Users.Name).$($Users.Surname)_domain.com#EXT#@tenant.onmicrosoft.com" -GivenName $Users.Name -Surname $Users.Surname
    }
}
Any help would be greatly appreciated!
Answer 0: (score: 0)
I finally found the time to try to understand your code. This solution should work.
# Authentication details of Service Account
# (plain-text passwords in a scheduled script are a risk; prefer Get-Credential or a credential store)
$Username = "service account email"
$Password = "service account password"
$pass = ConvertTo-SecureString -AsPlainText $Password -Force
$creds = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$pass
Connect-AzureAD -Credential $creds -TenantId "tenantID"
# Get your users and email addresses
# (assumes Connect-MsolService has already been run against your own tenant, as in the question)
$Users = Get-MsolGroupMember -All -GroupObjectId groupID -MemberObjectTypes User
$emails = $Users.EmailAddress
$nonInvited = New-Object -TypeName "System.Collections.ArrayList"
# Traverse all emails and store those that weren't found in $nonInvited
foreach($email in $emails)
{
    $userTemp = $null
    try {
        # A guest object gets a UPN of the form user_domain.com#EXT#@tenant.onmicrosoft.com
        $userTemp = Get-AzureADUser -ErrorAction SilentlyContinue -ObjectId "$($email -replace "@", "_")#EXT#@tenant.onmicrosoft.com"
    }
    catch {}
    if($null -eq $userTemp) {
        [void]$nonInvited.Add($email)   # [void] discards the index that ArrayList.Add returns
    }
}
# Invite users who haven't been invited yet
foreach ($email in $nonInvited)
{
    $invitation = New-AzureADMSInvitation -InvitedUserEmailAddress $email -InviteRedirectUrl https://myapps.microsoft.com -SendInvitationMessage $false
    # Get-MsolGroupMember objects carry no Name/Surname, so look the member up in your own tenant
    # and set the names on the guest object the invitation created
    $member = $Users | Where-Object { $_.EmailAddress -eq $email }
    $msolUser = Get-MsolUser -ObjectId $member.ObjectId
    Set-AzureADUser -ObjectId $invitation.InvitedUser.Id -GivenName $msolUser.FirstName -Surname $msolUser.LastName
}
When I tested it, Get-AzureADUser failed when it looked for a user that could not be found. That's why I used the try {} catch {} part to help me.
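As an added example (not code from the question or the answer above), the script below puts both parts of the question together in one schedulable pass: it fetches the partner tenant's existing guests once instead of calling Get-AzureADUser per address, invites only members whose guest UPN is missing, and flags members that are disabled in the home tenant (BlockCredential) whose guest object still exists. Removal is report-only unless -RemoveDisabled is passed, so the first runs can be checked before anything is deleted. The group id, the partner tenant suffix, the redirect URL, and the Get-GuestUpn / Get-ExistingGuests helper names are assumptions for this example; it assumes Connect-MsolService and Connect-AzureAD have already been run, as in the question.

```powershell
# Added example: idempotent guest sync from a home-tenant group into a partner tenant.
# Assumes Connect-MsolService (home tenant) and Connect-AzureAD (partner tenant) were run already.
param(
    [string]$GroupObjectId  = "<your-group-objectid>",        # placeholder
    [string]$PartnerTenant  = "tenant.onmicrosoft.com",       # placeholder partner tenant suffix
    [string]$InviteRedirect = "https://myapps.microsoft.com",
    [switch]$RemoveDisabled                                   # off by default: report instead of delete
)

# Map an e-mail address to the UPN Azure AD assigns a B2B guest object (hypothetical helper).
function Get-GuestUpn {
    param([string]$Email, [string]$TenantSuffix)
    return ("{0}#EXT#@{1}" -f ($Email -replace '@', '_'), $TenantSuffix)
}

# One query for every guest already in the partner tenant, keyed by lower-cased UPN (hypothetical helper).
function Get-ExistingGuests {
    $guests = @{}
    Get-AzureADUser -All $true -Filter "userType eq 'Guest'" |
        ForEach-Object { $guests[$_.UserPrincipalName.ToLowerInvariant()] = $_ }
    return $guests
}

$members = Get-MsolGroupMember -All -GroupObjectId $GroupObjectId -MemberObjectTypes User
$guests  = Get-ExistingGuests

foreach ($member in $members) {
    if (-not $member.EmailAddress) { continue }          # nothing to invite without an address
    $upn      = Get-GuestUpn -Email $member.EmailAddress -TenantSuffix $PartnerTenant
    $key      = $upn.ToLowerInvariant()
    $msolUser = Get-MsolUser -ObjectId $member.ObjectId   # home-tenant object: names and enabled state

    if ($msolUser.BlockCredential) {
        # Disabled at home: the guest in the partner tenant should go away
        if ($guests.ContainsKey($key)) {
            if ($RemoveDisabled) {
                Remove-AzureADUser -ObjectId $guests[$key].ObjectId
                Write-Output "Removed disabled guest $upn"
            } else {
                Write-Output "WOULD remove disabled guest $upn (run with -RemoveDisabled)"
            }
        }
        continue
    }

    if ($guests.ContainsKey($key)) { continue }          # already invited, nothing to do

    $invitation = New-AzureADMSInvitation -InvitedUserEmailAddress $member.EmailAddress `
        -InviteRedirectUrl $InviteRedirect -SendInvitationMessage $false
    # The invitation returns the new guest object; set the names on it directly
    Set-AzureADUser -ObjectId $invitation.InvitedUser.Id `
        -GivenName $msolUser.FirstName -Surname $msolUser.LastName
    Write-Output "Invited $($member.EmailAddress) as $upn"
}
```

Matching on the lower-cased UPN avoids a second round of invitations when the partner tenant stores the guest UPN with different casing; keeping the deletion behind a switch means the scheduled task can be left in report mode until the output has been reviewed.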