
I'm trying to update AzureADGroupMember for multiple users in a CSV File by Employee.

This is what I've got assisted with, but looking to have it update by UPN instead of EmployeeID. This was the successful code that updates ADGroupMember by UPN.

$users = Import-csv "C:\Temp\testgroup2.csv" 

$users | ForEach-Object {
    Add-AzureADGroupMember -ObjectId 599992-xxxxxxxxxx-699999e9e -RefObjectId (Get-AzureADUser -ObjectId $_.UPN).ObjectId
}

This is the code where I changed UPN to update by EmployeeID in the CSV.

$users = Import-csv "C:\Temp\testgroup2.csv" 

$users | ForEach-Object {
    Add-AzureADGroupMember -ObjectId 599992-xxxxxxx-6ee9999e -RefObjectId (Get-AzureADUser -ObjectId $_.EmployeeID).ObjectId
}

This is the error message I get when trying to update by EmployeeID.

Get-AzureADUser : Error occurred while executing GetUser Code: 
Request_ResourceNotFound Message: Resource '18616' does not exist or one 
of its queried reference- property objects are not present. 

This is what I used to verify that the employee actually has an EmployeeID in Azure.

Get-AzureADUser -ObjectID Xxxxx@hxxxxxx.com | Select-Object *

Any idea why it's reading that the employeeID doesn't exist in Azure even though I've verified?

Thank you,

Update: Adding screenshot of my csv setup, I only have Employee ID in there: CSV Setup

Update 2: Screenshot of the script I'm running in powershell: Script in PS

  • I'm thinking that updating with EmployeeID instead will be more of an Set-AzureADUserExtension ? – Larry David Apr 17 '19 at 18:46
  • Could it solve your issue? – Joy Wang Apr 18 '19 at 07:42
  • This is the error message I got when running. I verified the ObjectID group was correct: `Add-AzureADGroupMember : Cannot bind argument to parameter 'RefObjectId' because it is null. At line:4 char:88` @JoyWang – Larry David Apr 18 '19 at 14:08
  • I did make an adjustment by adding `IF ($refobjectid) {` and didn't get any error messages, but the groups didn't update as they should: `If ($refobjectid) { Add-AzureADGroupMember -ObjectId 32xxc77f2-xxxxxx-sdfsdfxx -RefObjectId $refobjectid } }` @JoyWang – Larry David Apr 18 '19 at 14:10
  • First, make sure the user has the employeeId(not null, should be the same with the values in csv file). My script just works for the user has the employeeId, if some users don't have the employeeId, you will not be able to get the user objectid, so the `Add-AzureADGroupMember` will not work. – Joy Wang Apr 18 '19 at 14:18
  • You could check if the employeeId of the user is null by `Get-AzureADUser -ObjectId xxxxxx | ConvertTo-Json`. In the `ExtensionProperty`, `employeeId` is there. – Joy Wang Apr 18 '19 at 14:26
  • Yeah, I verified with `Get-AzureADUser -ObjectID xxxxxx@xxxxxx | Select-Object *` and `Get-AzureADUser -ObjectId xxxxxx | ConvertTo-Json` and I see a valid EmployeeID in both – Larry David Apr 18 '19 at 14:57
  • Is the employeeId same with the one in your csv file? What is the format of your csv file? Could you try my sample csv file? – Joy Wang Apr 18 '19 at 15:11
  • Yea, my CSV is setup like: EmployeeID 322 425 696 999999 888888 tried to add a screen shot, but couldn't – Larry David Apr 18 '19 at 15:19
  • Please provide the screenshot of your csv file in your question, I will test for you tomorrow. – Joy Wang Apr 18 '19 at 15:23
  • @JoyWang thank you, screenshot has been added at the bottom of the question. – Larry David Apr 18 '19 at 15:29
  • Per my test, I am sure it will work. Did you try my complete script? Or try to update the `AzureAD` powershell module. – Joy Wang Apr 19 '19 at 01:27
  • So I did see an upgrade and I went from 2.0.2.4 to 2.0.2.16. I was really hoping this was the fix, but after I ran the script I got the same error message. I'm copying the exact code from your post... the only thing I'm editing is the location of the csv file and updating the GroupID that I want the user in after -ObjectID @JoyWang – Larry David Apr 22 '19 at 04:13
  • I also attached a screenshot of the script I'm running in Powershell just so you can see what I'm seeing when running the script @JoyWang – Larry David Apr 22 '19 at 04:23
  • updated powershell azuread module: Install-Module AzureADPreview -AllowClobber then tried script again and still getting 'Add-AzureADGroupMember : Cannot bind argument to parameter 'RefObjectId' because it is null. At line:4 char:88' @JoyWang – Larry David Apr 23 '19 at 21:30
  • Could you make sure every user has the `employeeId`? Anyway, the error points out that. – Joy Wang Apr 24 '19 at 01:54
  • I ended up working with a coworker and this worked out with updating by employeeID: $users = Import-csv "C:\temp\test.csv" $_all_azure_ad_users = Get-AzureADUser -all $true foreach($user in $users){ $refobjectid = ($_all_azure_ad_users | Where-Object {$_.ExtensionProperty.employeeId -eq $user.EmployeeID})| select objectId Write-Host $refobjectid Add-AzureADGroupMember -ObjectId xxxxx-xxxxxxx-xxxxx-xxxxxxx -RefObjectId $refobjectid.ObjectId } thank you for your time and efforts! @JoyWang – Larry David Apr 27 '19 at 23:35

1 Answer

The employeeId is not the same as the ObjectId, so you cannot pass employeeId to the ObjectId property.

Try the script below; it works fine on my side.

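$users = Import-Csv "C:\Users\joyw\Desktop\testgroup.csv"
# Fetch the directory once; without -All $true, Get-AzureADUser returns only the first page of users
$allUsers = Get-AzureADUser -All $true
foreach ($user in $users) {
    # Resolve the CSV employeeId to the user's ObjectId via the extension property
    $refobjectid = ($allUsers | Where-Object { $_.ExtensionProperty.employeeId -eq $user.employeeId }).ObjectId
    # A CSV row with no matching user would otherwise pass $null to -RefObjectId
    if ($refobjectid) { Add-AzureADGroupMember -ObjectId 9d42d3ea-xxxxxxxx-c31428b600ad -RefObjectId $refobjectid }
    else { Write-Warning "No user found with employeeId $($user.employeeId)" }
}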

My .csv file:

UPN,Role,employeeId
leeliu@xxxxxx.onmicrosoft.com,role1,12345
test@xxxxxx.onmicrosoft.com,role2,123


Joy Wang
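
A more defensive form of the employeeId lookup discussed in this answer and its comments, as an added example that is not part of the original post. It indexes the directory once, skips an employeeId that matches no user or more than one user, and does not re-add existing members. The CSV path, the `EmployeeID` column name and the `<group-object-id>` placeholder are assumptions taken from the question's setup.

```powershell
# Added example; assumes the AzureAD module is loaded and Connect-AzureAD has been run.
$csvPath = 'C:\Temp\testgroup2.csv'   # CSV with an EmployeeID column, as in the question
$groupId = '<group-object-id>'        # placeholder: ObjectId of the target group

# Index the whole directory once: employeeId -> array of matching ObjectIds.
$byEmployeeId = @{}
foreach ($u in Get-AzureADUser -All $true) {
    $id = $u.ExtensionProperty.employeeId
    if ([string]::IsNullOrWhiteSpace($id)) { continue }   # user has no employeeId
    $key = $id.Trim()
    if (-not $byEmployeeId.ContainsKey($key)) { $byEmployeeId[$key] = @() }
    $byEmployeeId[$key] += $u.ObjectId
}

# Current members, so a re-run does not fail on users already in the group.
$members = @{}
Get-AzureADGroupMember -ObjectId $groupId -All $true |
    ForEach-Object { $members[$_.ObjectId] = $true }

foreach ($row in Import-Csv $csvPath) {
    $key = "$($row.EmployeeID)".Trim()   # tolerate stray spaces and empty cells

    if (-not $byEmployeeId.ContainsKey($key)) {
        Write-Warning "EmployeeID '$key': no user found, skipped"
        continue
    }

    $hits = $byEmployeeId[$key]
    if ($hits.Count -gt 1) {
        # employeeId is not guaranteed unique; never guess which account to add.
        Write-Warning "EmployeeID '$key': $($hits.Count) users share it, skipped"
        continue
    }

    $objectId = $hits[0]
    if ($members.ContainsKey($objectId)) { continue }   # already a member

    Add-AzureADGroupMember -ObjectId $groupId -RefObjectId $objectId
    $members[$objectId] = $true
}
```

The warnings give a reviewable list of rows that were not applied, which matters when the group grants access to resources.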