
How to pipe Where-Object output into Azure AD Group

After a group member has enrolled for MFA, I need to remove the member from one Azure AD group and add them to another group.

When I run the script I receive no errors, but it does not remove/add members as expected. I can verify it makes it through Step 2 but does nothing after that. I believe I need a Select-Object in the beginning of Step 3.

Script will remove members from Group A and move them to Group B if the member has enrolled in MFA.

  1. Get-AzureADGroupMember -ObjectId "7d23abf4-4e30-4092-b4e6-a5297addad75" |

  2. Where-Object {$_.StrongAuthenticationMethods -ne $null} |

  3. Add-AzureADGroupMember -ObjectId "24db4ad9-8fe0-45f6-a71a-79b76395105a" |

  4. Remove-AzureADGroupMember -ObjectId "7d23abf4-4e30-4092-b4e6-a5297addad75"

     Step 1. Get member of Group A
     Step 2. Where member has enrolled in MFA
     Step 3. Add member to Group B
     Step 4. Remove member from Group A

Script should audit one Azure AD group (A) to see which members have enrolled in MFA, remove those who have enrolled from the group, and move them to another group (B).

There are two issues with your script.

1. The | means PowerShell pipeline, it is not used like that; for more details, see this link.

2. The User entity in AzureAD PowerShell does not have the StrongAuthenticationMethods property; it exists in MSOnline PowerShell, so you need to use that instead.

Here is a sample for you; make sure you have installed the MSOnline PowerShell module with Install-Module MSOnline.

Note: You need to make sure the users are not already in Group B, otherwise you will get the error "The group member you are trying to add is already a member of this group".

Connect-MsolService

$groupA = "<objectid of group A>"
$groupB = "<objectid of group B>"

# Get the users (GroupMemberType 0) in group A
$userids = (Get-MsolGroupMember -GroupObjectId $groupA | Where-Object {$_.GroupMemberType -eq '0'}).ObjectId
# Add each MFA-enrolled user to group B and remove them from group A
foreach($item in $userids){
    $user = Get-MsolUser -ObjectId $item
    # An empty StrongAuthenticationMethods list means no MFA method is registered
    if($user.StrongAuthenticationMethods.Count -ne 0){
        Add-MsolGroupMember -GroupObjectId $groupB -GroupMemberType User -GroupMemberObjectId $item
        Remove-MsolGroupMember -GroupObjectId $groupA -GroupMemberType User -GroupMemberObjectId $item
    }else{
        Write-Host "The user $($user.DisplayName) is not MFA-enrolled."
    }
}
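
The following is an added example, not part of the answer above: a variant of the same move that skips the add for users who are already in Group B (the error the note warns about) and removes a user from Group A only after the add has succeeded or proved unnecessary. The function name Move-MfaEnrolledMember and its parameter names are hypothetical; it assumes the MSOnline module is installed and Connect-MsolService has already been run.

```powershell
# Added example (hypothetical function name); requires an existing Connect-MsolService session.
function Move-MfaEnrolledMember {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][guid]$SourceGroupId,   # Group A
        [Parameter(Mandatory)][guid]$TargetGroupId    # Group B
    )

    # Cache Group B's current members so the add can be skipped for users already there.
    $inTarget = @{}
    Get-MsolGroupMember -GroupObjectId $TargetGroupId -All |
        ForEach-Object { $inTarget[[string]$_.ObjectId] = $true }

    # Only user objects are candidates; nested groups and contacts are ignored.
    $members = Get-MsolGroupMember -GroupObjectId $SourceGroupId -All |
        Where-Object { $_.GroupMemberType -eq 'User' }

    foreach ($m in $members) {
        $user = Get-MsolUser -ObjectId $m.ObjectId
        if ($user.StrongAuthenticationMethods.Count -eq 0) {
            Write-Verbose "$($user.UserPrincipalName) has no MFA method registered; left in source group."
            continue
        }
        if (-not $PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Move to target group')) { continue }
        try {
            if (-not $inTarget.ContainsKey([string]$m.ObjectId)) {
                Add-MsolGroupMember -GroupObjectId $TargetGroupId -GroupMemberType User `
                    -GroupMemberObjectId $m.ObjectId -ErrorAction Stop
            }
            # Reached only if the add succeeded or was unnecessary.
            Remove-MsolGroupMember -GroupObjectId $SourceGroupId -GroupMemberType User `
                -GroupMemberObjectId $m.ObjectId -ErrorAction Stop
            [pscustomobject]@{ User = $user.UserPrincipalName; Moved = $true; Error = $null }
        }
        catch {
            # Report the failure and continue with the next member.
            [pscustomobject]@{ User = $user.UserPrincipalName; Moved = $false; Error = $_.Exception.Message }
        }
    }
}

# Dry run first; drop -WhatIf to apply the changes.
# Move-MfaEnrolledMember -SourceGroupId '<objectid of group A>' -TargetGroupId '<objectid of group B>' -WhatIf
```

The objects it emits (User, Moved, Error) can be piped to Export-Csv to keep a record of which accounts changed groups.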
