SrbhTheComputerGuy-6169 asked

Dynamic Office group using PowerShell script

I am new to Azure dynamic groups and I've been asked if we can create O365 dynamic groups in Exchange Online, based upon the "Manager's direct reportee" criteria. The script should prompt for the manager's employee ID and then use it to fetch their direct reportees. Is this even possible?

I have created the script below, but it is unable to run user.directreportfor:

[String]$manf=Read-Host "Enter your First name:"
[String]$manl=Read-Host "Enter your Last name:"


$San = Read-Host "Enter your Employee ID"
$saneml=(Get-Recipient -Identity $San).PrimarySmtpAddress
$adgid=(Get-Recipient -Identity DR-$manf$manl).PrimarySmtpAddress
$adg=(Get-AzureADGroup -ObjectId $adgid).ObjectID
$userId = (Get-AzureAdUser -ObjectId $saneml).ObjectId
$mem = Get-Aduser -identity $San -Properties directreports | %{$_.directreports}
Write-Host "You have" $mem.Count "Direct reports"



if ($mem -eq $null)
{
Write-Host "Error! This request cannot be fulfilled as you are not a manager..." -ForegroundColor Yellow
}
else
{
Write-Host "Working on creating Manager's DL: DR-$manf$manl" -ForegroundColor Green
Start-Sleep -Seconds 5
#New-UnifiedGroup -Name "DR-$manf$manl" -MailEnabled $true -Description "This is Managers DL"
New-UnifiedGroup -DisplayName DR-$manf$manl -Alias DR-$manf$manl -AccessType Private -Owner $San
Start-Sleep -Seconds 5
Set-UnifiedGroup "DR-$manf$manl" -UnifiedGroupWelcomeMessageEnabled:$false -AutoSubscribeNewMembers:$true -SubscriptionEnabled:$true
Start-Sleep -Seconds 30
Set-UnifiedGroup "DR-$manf$manl" -UnifiedGroupWelcomeMessageEnabled:$false -AutoSubscribeNewMembers:$true -SubscriptionEnabled:$true
Start-Sleep -Seconds 30
Set-AzureADMSGroup -Id $adg -GroupTypes @("DynamicMembership", "Unified") -MembershipRuleProcessingState "On" -MembershipRule "(user.directreportsfor -eq $userId)"

}

Any help is appreciated. Thanks.


1 Answer

michev answered

Generally speaking, that's an Azure AD operation and you cannot achieve it via Exchange PowerShell. Use the method outlined here instead: https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership#create-a-direct-reports-rule
If you want to automate it, the corresponding cmdlet would be New-AzureADMSGroup from the AzureAD module.


Forgot to mention, if you want to stick to using Exchange only, you can create a Dynamic distribution group instead, with a query similar to:

 ((Manager -eq 'CN=user,OU=tenant.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=EURPR03A001,DC=prod,DC=outlook,DC=com') -and (RecipientType -eq 'UserMailbox'))

I am looking to create a dynamic Office group.


Thank you, Michev. While the document outlines how to create the dynamic membership based on the directReport for parameter, I am trying to include that in the script and have not been able to repro it. I am seeking help with using this parameter in the above script.

michev replied to SrbhTheComputerGuy-6169:

You need to be a bit more specific here, what exactly is the issue? Here's a working example of how to create a dynamic membership group via PowerShell:

 New-AzureADMSGroup -MailEnabled $true -MailNickname "ManagerDynamic" -MembershipRule 'Direct Reports for "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"' -SecurityEnabled $false -DisplayName "ManagerDynamic" -GroupTypes "DynamicMembership","Unified" -MembershipRuleProcessingState "On"

After that, wait for the membership to be populated.

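The approach from the answer above, wrapped as a script that prompts for the manager and builds the rule from the directory-resolved object ID rather than from raw input. This is an added example, not code from the thread; the function name `New-DirectReportsGroup`, the `DR-` naming scheme and identifying the manager by UPN instead of employee ID are assumptions, and it expects `Connect-AzureAD` to have been run already.

```powershell
#Requires -Modules AzureAD
# Added example, not from the thread. Function name and "DR-" prefix are illustrative.
function New-DirectReportsGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Manager's UPN (assumption: the caller knows it). The pattern rejects
        # quotes, spaces and other characters before any directory lookup.
        [Parameter(Mandatory)]
        [ValidatePattern('^[\w.+-]+@[\w.-]+$')]
        [string]$ManagerUpn
    )

    # The rule needs the manager's Azure AD object ID, not the UPN or employee ID.
    $manager = Get-AzureADUser -ObjectId $ManagerUpn -ErrorAction Stop

    # Only a well-formed GUID is ever interpolated into the rule text.
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse($manager.ObjectId, [ref]$parsed)) {
        throw "Unexpected ObjectId format for $ManagerUpn"
    }

    # Refuse to create a group for an account that manages nobody.
    $reports = @(Get-AzureADUserDirectReport -ObjectId $manager.ObjectId -All $true)
    if ($reports.Count -eq 0) {
        throw "$ManagerUpn has no direct reports in Azure AD."
    }

    # Mail nickname from the UPN prefix, restricted to a conservative character set.
    $nick = 'DR-' + (($ManagerUpn -split '@')[0] -replace '[^A-Za-z0-9._-]', '')

    # Direct-reports rule syntax, as used in the answer above.
    $rule = 'Direct Reports for "{0}"' -f $parsed.ToString()

    if ($PSCmdlet.ShouldProcess($nick, "Create dynamic group with rule: $rule")) {
        New-AzureADMSGroup -DisplayName $nick -MailNickname $nick `
            -MailEnabled $true -SecurityEnabled $false `
            -GroupTypes 'DynamicMembership', 'Unified' `
            -MembershipRule $rule -MembershipRuleProcessingState 'On'
    }
}

# Dry run first; remove -WhatIf to actually create the group.
New-DirectReportsGroup -ManagerUpn (Read-Host 'Manager UPN') -WhatIf
```

The group is created directly in Azure AD as a dynamic group, so no `New-UnifiedGroup` call or later conversion with `Set-AzureADMSGroup` is involved.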