Azure Active Directory, General, Scripting, Uncategorized

Note to Self: PowerShell Create Dynamic Azure AD Group

Date: January 25, 2021Author: helloitsliam 0 Comments

If, like me, you use PowerShell or Scripts of any kind, sometimes you find things don’t work, and then you find the commands that resolve it. Isn’t it true that down the line, when you hit the same issue, you then can’t remember what you did? Well, this post is a reminder for me.

Load Azure Active Directory Preview Module

if (Get-Module -ListAvailable -Name AzureADPreview) {
    Write-Host "AzureADPreview Module Already Installed" -ForegroundColor Green
} 
else {
    Write-Host "AzureADPreview Module Not Installed. Installing........." -ForegroundColor Red
        Install-Module -Name AzureADPreview -AllowClobber -Force
    Write-Host "AzureADPreview Module Installed" -ForegroundColor Green
}
Import-Module AzureADPreview

Set Azure Active Directory Device Security Group Configuration

# Create a Device Specific Security Group
$IntuneGroupName = "Intune Devices"
$IntuneGroupMailName = "IntuneDevices"
$IntuneGroupQuery = "(device.displayName -contains ""Corp-Devices"")"

Create Dynamic Azure Active Directory Group

# Create Dynamic Azure Active Directory Group filtered to Devices and set to Paused
$IntuneDevices = New-AzureADMSGroup `
    -Description "$($IntuneGroupName)" `
    -DisplayName "$($IntuneGroupName)" `
    -MailEnabled $false `
    -SecurityEnabled $true `
    -MailNickname "$($IntuneGroupMailName)" `
    -GroupTypes "DynamicMembership" `
    -MembershipRule "$($IntuneGroupQuery)" `
    -MembershipRuleProcessingState "Paused" 

# Set the Dynamic Azure Active Directory Group to Sync
Set-AzureADMSGroup -Id $IntuneDevices.Id -MembershipRuleProcessingState "Paused"

You must log in to post a comment.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: