

Populate names of Microsoft 365 groups and Exchange Online distribution lists user is a member of

May 08, 2020

The script populates attributes of a user's AD account with Microsoft 365 (Office 365) groups and Exchange Online distribution lists the user is a member of. This can be used to quickly look up cloud groups for a user. For example, you can display the attributes on the Web interface page for viewing users. For information on how to do that, see Customize Forms for User Creation and Editing, starting from step 6.

The Microsoft 365 (Office 365) groups and Exchange Online distribution lists are saved to two different attributes, both of which must be multi-valued. For this purpose, you can use Adaxes virtual attributes, for example, CustomAttributeTextMultiValue1 and CustomAttributeTextMultiValue2. They are not stored in AD, but can be used the same way as any other attributes of AD objects.

To use the script in your environment, create a Scheduled Task that runs it periodically. The task must be configured for the User object type.

Parameters:

  • $distributionGroupNamesAttribute - specifies the LDAP name of the attribute that will be used for displaying Exchange Online distribution lists a user is a member of;
  • $microsoft365GroupNamesAttribute - specifies the LDAP name of the attribute that will be used for displaying Microsoft 365 (Office 365) groups a user is a member of.
PowerShell
$distributionGroupNamesAttribute  = "adm-CustomAttributeTextMultiValue1" # TODO: modify me
$microsoft365GroupNamesAttribute = "adm-CustomAttributeTextMultiValue2" # TODO: modify me

# Get the user's unique identifier in Microsoft 365
try
{
    $objectId = ([Guid]$Context.TargetObject.Get("adm-O365ObjectId")).ToString()
}
catch
{
    return # no Microsoft 365 account
}

try
{
    # Connect to Exchange Online and import only the cmdlets the script needs.
    # Note: this remote session uses Basic authentication, which Microsoft has since retired for Exchange Online.
    $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" `
        -Credential $Context.GetOffice365Credential() -Authentication Basic -AllowRedirection
    Import-PSSession $session -AllowClobber -DisableNameChecking -CommandName "Get-User", "Get-DistributionGroup", "Get-UnifiedGroup"
    
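    # Get Microsoft 365 DN of the user
    $user = Get-User $objectId
    # Double any single quotes so the DN stays inside the quoted filter value
    $userDN = $user.DistinguishedName.Replace("'", "''")
    
    # Get group memberships (names of distribution lists, aliases of Microsoft 365 groups)
    $distributionGroupNames = Get-DistributionGroup -ResultSize Unlimited -Filter "Members -like '$userDN'" | ForEach-Object { $_.Name }
    $microsoft365GroupNames = Get-UnifiedGroup -ResultSize Unlimited -Filter "Members -like '$userDN'" | ForEach-Object { $_.Alias }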
    
    # Update attributes
    $Context.TargetObject.Put($distributionGroupNamesAttribute, $distributionGroupNames)
    $Context.TargetObject.Put($microsoft365GroupNamesAttribute, $microsoft365GroupNames)
    $Context.TargetObject.SetInfo()
}
finally
{
    # Close the remote session and release resources
    if ($session) { Remove-PSSession $session }
}

