Sunday, May 17, 2020

Updated members of Office 365 Group based on AD Group or Distribution list

The collaboration world is moving at a rapid pace towards Office 365 groups, and many features are available only for these modern groups and are limited for security groups or distribution groups.
One such feature is the Microsoft Stream group channel: when you create one, you can select only an Office 365 group; you cannot select a security group or a distribution group.
Our organization's senior staff publish videos on a regular basis and want these videos to be available to the whole employee group, which is a mail security group that is already automated from the HR feed. (They do not want to assign permissions on the videos each time.)
After discussion, we came up with the idea of a PowerShell spell that accomplishes this by populating the O365 group with the members of the mail security group.
Here is the magical script that you can download from GitHub
Prerequisites:
Now execute the script; you need to enter the following parameters:
param(
    [string]$Adgroup = $(Read-Host "Enter AD Group as Source"),
    [string]$o365group = $(Read-Host "Enter the o365 group as Destination"),
    [string]$Removeanswer = $(Read-Host "If removal of members is required ?, type Yes or No"),
    [string]$user1 = $(Read-Host "Enter the Admin User id to connect to Exchange Online"),
    # Read as a SecureString so the password is not echoed to the console
    $password1 = $(Read-Host "Enter the password" -AsSecureString),
    [string]$smtpserver = $(Read-Host "Enter SMTP Server"),
    [string]$from = $(Read-Host "Enter From Address"),
    [string]$erroremail = $(Read-Host "Enter Address for Report and Errors"),
    $countofchanges = $(Read-Host "Enter Count of changes")
)
[string]$Removeanswer = $(Read-Host "If removal of members is required ?, type Yes or No")
If you answer Yes, a sync will happen and the O365 group will have exactly the same members as the Active Directory group. We did not want that in our situation; we wanted additions only, so that if senior staff add someone manually, that member will not get removed.
On the first run, a logs folder is created so that logs are saved for each run. The script also recycles logs that are older than 60 days (the code is at the end of the script if you want to modify the number of days for recycling).
$countofchanges = $(Read-Host "Enter Count of changes")
The count of changes variable is used as protection: as we run the script daily, it will not execute if the number of changes goes beyond a certain number. (In our case it can never go beyond 100 within a single day.)
The script compares the existing members of the O365 group with the AD group to check how many additions or removals will happen. (So it is quite fast, as daily additions will be very few.)
On the first run you can set the count of changes variable to more than the actual number of members in the AD group; on subsequent runs you can update it to the threshold that fits your needs.
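The comparison, the add-only mode and the count-of-changes guard described above, as an added example that is not the author's script from GitHub. The function name Get-GroupSyncPlan, its parameter names and the sample addresses are assumptions; it only plans changes from two member lists and does not connect to AD or Exchange Online, and the empty-source check is an extra safeguard not described in the post.

```powershell
# Added example: Get-GroupSyncPlan and its parameter names are hypothetical.
function Get-GroupSyncPlan {
    [CmdletBinding()]
    param(
        [string[]]$SourceMembers = @(),        # members read from the AD group
        [string[]]$DestinationMembers = @(),   # current members of the O365 group
        [ValidateSet('Yes', 'No')]
        [string]$RemoveAnswer = 'No',          # 'No' = additions only
        [Parameter(Mandatory)]
        [ValidateRange(0, [int]::MaxValue)]
        [int]$CountOfChanges                   # abort above this many changes
    )

    # Normalise so case or whitespace differences are not counted as changes.
    $normalise = { $_.Trim().ToLowerInvariant() }
    $src = @($SourceMembers | Where-Object { -not [string]::IsNullOrWhiteSpace($_) } | ForEach-Object $normalise | Sort-Object -Unique)
    $dst = @($DestinationMembers | Where-Object { -not [string]::IsNullOrWhiteSpace($_) } | ForEach-Object $normalise | Sort-Object -Unique)

    # Extra check (not described in the post): an empty source usually means
    # the AD lookup failed, and with removal enabled it would empty the group.
    if ($src.Count -eq 0) {
        throw 'Source group returned no members; refusing to plan changes.'
    }

    $toAdd = @($src | Where-Object { $dst -notcontains $_ })
    $toRemove = @()
    if ($RemoveAnswer -eq 'Yes') {
        $toRemove = @($dst | Where-Object { $src -notcontains $_ })
    }

    $total = $toAdd.Count + $toRemove.Count
    if ($total -gt $CountOfChanges) {
        throw "Planned changes ($total) exceed the limit ($CountOfChanges); nothing applied."
    }
    [pscustomobject]@{ Add = $toAdd; Remove = $toRemove; Total = $total }
}

# Constructed sample data; the example.com addresses are placeholders.
$ad   = 'alice@example.com', 'bob@example.com', 'carol@example.com'
$o365 = 'Alice@example.com', 'dave@example.com'    # dave was added manually
# Additions only: dave stays in the O365 group.
Get-GroupSyncPlan -SourceMembers $ad -DestinationMembers $o365 -RemoveAnswer No -CountOfChanges 100

# Full sync with a limit of 2: three changes are planned, so the guard throws.
try {
    Get-GroupSyncPlan -SourceMembers $ad -DestinationMembers $o365 -RemoveAnswer Yes -CountOfChanges 2
} catch {
    Write-Warning $_.Exception.Message
}
```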
You need to modify the script if you want to schedule it via Task Scheduler. I am not explaining that part in this blog, as I assume you are all aware of it, or you can read my other blogs if that is the requirement.
Here is the snippet of the script execution:

Thanks for reading and downloading..
Tech Wizard
