Script Repository


Save names of Microsoft 365 groups to multivalued attributes

February 18, 2021
1409

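For every user account in the domain that has a Microsoft 365 object ID, the script populates two attributes of the user with the names of the Microsoft 365 (Office 365) groups and Exchange Online distribution lists the user is a member of. The stored values are a copy taken when the script runs, so they can lag behind the actual membership until the next run. To run the script on a regular basis, create a scheduled task configured for the Domain-DNS object type.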

Parameters:

  • $distributionGroupNamesAttribute - Specifies the LDAP name of a multivalued attribute that will store the names of the Exchange Online distribution lists a user is a member of (the script stores each list's DisplayName).
  • $microsoft365GroupNamesAttribute - Specifies the LDAP name of a multivalued attribute that will store the names of the Microsoft 365 (Office 365) groups a user is a member of (the script stores each group's Alias).
PowerShell
# LDAP names of the two multivalued attributes the script overwrites on every
# processed user. Point them at attributes that nothing else writes to.
$distributionGroupNamesAttribute  = "adm-CustomAttributeTextMultiValue1" # TODO: modify me
$microsoft365GroupNamesAttribute = "adm-CustomAttributeTextMultiValue2" # TODO: modify me

# Get unique identifiers of users in Microsoft 365
# The searcher is bound to the domain object; %adm-DomainDN% is a value
# reference that is filled in before the script runs.
$searcher = $Context.BindToObject("Adaxes://%adm-DomainDN%")
# sAMAccountType 805306368 (0x30000000) selects user accounts only.
$searcher.SearchFilter = "(sAMAccountType=805306368)"
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
# Results are fetched in pages of 500 and referrals are not followed.
$searcher.PageSize = 500
$searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
# Only the Microsoft 365 object ID is loaded; the search below reads no other property.
$searcher.SetPropertiesToLoad("adm-O365ObjectId")
# NOTE(review): VirtualRoot presumably widens the search beyond the bound
# domain to every domain the service manages - confirm the intended scope.
$searcher.VirtualRoot = $True

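try
{
    # Execute the search and pull every result into memory
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()
    
    # Maps Microsoft 365 object ID (Guid) -> ADS path of the directory account
    $objectIds = @{}
    foreach ($searchResult in $searchResults)
    {
        # Accounts without a Microsoft 365 object ID are skipped
        if (!$searchResult.ContainsProperty("adm-O365ObjectId"))
        {
            continue
        }
        
        $objectId = [Guid]$searchResult.Properties["adm-O365ObjectId"].Value
        if ($objectIds.ContainsKey($objectId))
        {
            # Hashtable.Add throws on a duplicate key, which would end the whole
            # run. Keep the first account found and report the second one, so an
            # ambiguous mapping is visible in the log and never written to twice.
            $Context.LogMessage("The Microsoft 365 object ID $objectId is set on more than one account. Skipping " + $searchResult.AdsPath, "Warning")
            continue
        }
        $objectIds.Add($objectId, $searchResult.AdsPath)
    }
}
finally
{
    # Release resources
    if ($searchResultIterator){ $searchResultIterator.Dispose() }
}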

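try
{
    # Connect to Exchange Online. Only the three Get-* cmdlets the script calls
    # are imported, so the session exposes nothing that can change Exchange data.
    $session = $Context.CloudServices.CreateExchangeOnlinePSSession()
    Import-PSSession $session -AllowClobber -DisableNameChecking -CommandName "Get-User", "Get-DistributionGroup", "Get-UnifiedGroup"
    
    foreach ($id in $objectIds.Keys)
    {
        $adsPath = $objectIds[$id]
        
        # Get user distinguished name in Microsoft 365
        $username = $Context.GetDisplayNameFromAdsPath($adsPath)
        try
        {
            $cloudUser = Get-User $id.ToString() -ErrorAction Stop
        }
        catch
        {
            $Context.LogMessage("An error occurred while searching the user $username`. Error: " + $_.Exception.Message, "Warning")
            continue
        }
        
        # The DN is placed inside a single-quoted literal of the filter string.
        # An apostrophe in it (for example a name like O'Brien) would end the
        # literal early and break or change the filter, so each one is doubled,
        # which is how the filter syntax escapes it.
        $userDN = ([string]$cloudUser.DistinguishedName).Replace("'", "''")
        
        # Get group membership
        # NOTE(review): a failed lookup leaves the variable $NULL and the Put
        # below still runs, which presumably clears the stored names. Resetting
        # also keeps the previous user's values from being written to this one.
        # Confirm that clearing on a transient error is acceptable for whatever
        # consumes these attributes.
        # ForEach-Object is spelled out instead of the %% alias form so the line
        # does not depend on %% being reduced to % before the script runs.
        try
        {
            $distributionGroupNames = Get-DistributionGroup -ResultSize Unlimited -Filter "Members -like '$userDN'" -ErrorAction Stop | ForEach-Object { $_.DisplayName }
        }
        catch
        {
            $distributionGroupNames = $NULL
            $Context.LogMessage("An error occurred while searching distribution groups for the user $username`. Error: " + $_.Exception.Message, "Warning")
        }
        try
        {
            $microsoft365GroupNames = Get-UnifiedGroup -ResultSize Unlimited -Filter "Members -like '$userDN'" -ErrorAction Stop | ForEach-Object { $_.Alias }
        }
        catch
        {
            $microsoft365GroupNames = $NULL
            $Context.LogMessage("An error occurred while searching Microsoft 365 groups for the user $username`. Error: " + $_.Exception.Message, "Warning")
        }
        
        # Update attributes. A failure for one account is logged like the lookup
        # failures above, so it does not stop the remaining users from being processed.
        try
        {
            $directoryUser = $Context.BindToObject($adsPath)
            $directoryUser.Put($distributionGroupNamesAttribute , $distributionGroupNames)
            $directoryUser.Put($microsoft365GroupNamesAttribute, $microsoft365GroupNames)
            $directoryUser.SetInfo()
        }
        catch
        {
            $Context.LogMessage("An error occurred while updating the user $username`. Error: " + $_.Exception.Message, "Warning")
        }
    }
}
finally
{
    # Close the remote session and release resources
    if ($session) { Remove-PSSession $session }
}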

