

Update Office 365 distribution group membership of a user based on Business Unit membership

March 22, 2019

The script adds a user to the Office 365 distribution groups associated with the Business Units the user is a member of, and removes the user from every other group listed in the script's configuration. A user without an Office 365 account (no adm-O365ObjectId) is skipped with a warning and no group is changed.

Note: The script uses the $Context variable available on the server side only. This means that the script can be executed only by Business Rules, Custom Commands, and Scheduled Tasks. For example, to schedule Office 365 group membership management, you can create a Scheduled Task configured for the User object type. The script connects to Exchange Online with the credential returned by $Context.GetOffice365Credential(), so that account must be permitted to read and modify distribution group membership. The connection is made to the legacy Remote PowerShell endpoint with Basic authentication, which Microsoft has since retired for Exchange Online; verify that your environment still supports it before relying on this script.

Parameter:

  • $groupInfos - maps Business Unit names to the Office 365 distribution groups a member of that unit must belong to. Each key must match the leaf (CN) of the Business Unit's distinguished name exactly as it appears in Adaxes; a Business Unit can have one or more associated Office 365 groups. Every group listed for a Business Unit the user is not a member of is removed from the user, so list only groups this script should own.
PowerShell
# Business Unit name (the leaf/CN of the unit's DN) -> distribution groups its members must belong to.
# Every group listed here that is not earned through one of the user's Business Units is removed
# from the user, so only list groups this script is meant to own.
$groupInfos = @{
    "Business Unit 1" = @("MyGroup1", "MyGroup2")
    "Business Unit 2" = @("MyGroup3")
} # TODO: modify me

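# Adds the user to, or removes the user from, each Office 365 distribution group in $groupNames.
# Arguments:
#   $objectId   - the user's Office 365 object ID as a string; compared with the
#                 ExternalDirectoryObjectId of each group member to decide current membership.
#   $groupNames - identities of the distribution groups to process (any enumerable of strings).
#   $operation  - "Add" or "Remove"; any other value leaves every group untouched.
# Current membership is checked first so a change is only attempted when it would have an effect.
# Failures are reported through $Context.LogMessage as warnings and do not stop the remaining groups.
# Requires the Exchange Online cmdlets Get-/Add-/Remove-DistributionGroupMember to be imported by the caller.
function UpdateGroupMembership($objectId, $groupNames, $operation)
{
    foreach ($groupName in $groupNames)
    {
        # -ResultSize Unlimited: the cmdlet's default page size (1000) would silently truncate large
        # groups, so a member past the cut-off would look like a non-member and never be removed.
        try
        {
            $groupMembers = Get-DistributionGroupMember $groupName -ResultSize Unlimited -ErrorAction Stop
        }
        catch
        {
            $Context.LogMessage("An error occurred when reading members of $groupName group. Error: " + $_.Exception.Message, "Warning")
            continue
        }
        $isMember = $groupMembers | Where-Object { $_.ExternalDirectoryObjectId -eq $objectId }

        if ($operation -eq "Add" -and -not($isMember))
        {
            try
            {
                Add-DistributionGroupMember $groupName -Member $objectId -ErrorAction Stop
            }
            catch
            {
                $Context.LogMessage("An error occurred when adding the user to $groupName group. Error: " + $_.Exception.Message, "Warning")
            }
        }
        elseif ($operation -eq "Remove" -and $isMember)
        {
            try
            {
                # -Confirm:$False: the script runs unattended on the server, no prompt can be answered.
                Remove-DistributionGroupMember $groupName -Member $objectId -ErrorAction Stop -Confirm:$False
            }
            catch
            {
                $Context.LogMessage("An error occurred when removing the user from $groupName group. Error: " + $_.Exception.Message, "Warning")
            }
        }
    }
}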

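# Get the user's unique identifier in Office 365.
# adm-O365ObjectId is absent for users without an Office 365 account; Get() then throws and the
# script exits without touching any group (the user is deliberately NOT removed from anything).
try
{
    $objectId = ([Guid]$Context.TargetObject.Get("adm-O365ObjectId")).ToString()
}
catch
{
    $Context.LogMessage("The user doesn't have an account in Office 365", "Warning")
    return
}

$session = $null
try
{
    # Connect to Exchange Online with the Office 365 credential configured in Adaxes.
    # NOTE(review): this is the legacy Remote PowerShell endpoint with Basic authentication, which
    # Microsoft has since retired for Exchange Online; on current tenants this call fails and the
    # ExchangeOnlineManagement module (Connect-ExchangeOnline, modern auth) is the replacement -
    # confirm against your Adaxes version. Only the three cmdlets this script needs are imported,
    # which keeps the proxy surface exposed to the script minimal.
    $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $Context.GetOffice365Credential() -Authentication Basic -AllowRedirection
    Import-PSSession $session -AllowClobber -DisableNameChecking -CommandName "Add-DistributionGroupMember", "Get-DistributionGroupMember", "Remove-DistributionGroupMember"

    # Get the Business Units the user is a member of.
    # GetEx() throws when the attribute is empty; that is treated as "no Business Units", which
    # means the user is removed from every configured group below.
    try
    {
        $businessUnitDNs = $Context.TargetObject.GetEx("adm-MemberOfBusinessUnits")
    }
    catch
    {
        $businessUnitDNs = @()
    }

    # Build the two group sets. Start with every configured group in the "remove" set and move
    # groups into the "add" set as matching Business Units are found, so the two sets never overlap.
    # Exchange group identities are case-insensitive, so the sets are too; otherwise "Sales" under one
    # unit and "sales" under another would be added and then removed in the same run.
    # Groups are inserted with explicit Add() calls rather than by casting a pipeline result: a
    # pipeline that yields a single group name is a scalar string, not a collection.
    $comparer = [System.StringComparer]::OrdinalIgnoreCase
    $groupsToAdd = New-Object "System.Collections.Generic.HashSet[String]" -ArgumentList $comparer
    $groupsToRemove = New-Object "System.Collections.Generic.HashSet[String]" -ArgumentList $comparer
    foreach ($names in $groupInfos.Values)
    {
        foreach ($name in $names) { [void]$groupsToRemove.Add($name) }
    }
    foreach ($dn in $businessUnitDNs)
    {
        # The configured key is matched against the leaf (CN) of the Business Unit's DN.
        $unitDN = New-Object "Softerra.Adaxes.Ldap.DN" $dn
        $unitName = $unitDN.Leaf.Value

        $groupNames = $groupInfos[$unitName]
        # $null on the left: with an array on the left, -eq would filter elements instead of testing for null.
        if ($null -eq $groupNames)
        {
            continue
        }

        foreach ($name in $groupNames)
        {
            [void]$groupsToAdd.Add($name)
            [void]$groupsToRemove.Remove($name)
        }
    }

    # Update user group membership: grant first, then revoke everything not earned.
    UpdateGroupMembership $objectId $groupsToAdd "Add"
    UpdateGroupMembership $objectId $groupsToRemove "Remove"
}
finally
{
    # Always tear down the remote session, including when an exception escapes the try block above.
    if ($session) { Remove-PSSession $session }
}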

