AD and AzureADGroups

  • Question

  • Hi,

    I'm very much a keen PowerShell noob interested in developing my skills, and I'm looking for advice on what I'm currently trying to achieve.

    Quick background...

    An office is moving out of our domain (being carried out by a separate team), their AD accounts still exist in our domain as they are still accessing some of our systems. We use 365 for exchange and they no longer exist in our GAL. The migration hasn't been thought through well IMO, the issue is these users no longer appear in the GAL and no longer receive emails from the groups they should be part of. Long story short, we are setting up AD Connect from their new domain to our AzureAD so we can see the users in our GAL, we now need to look at copying the distribution groups their old AD accounts are part of, and add these as members to the AzureAD groups that we have synchronized.

    I have managed to export all AD distribution groups users in an OU are part of, I have then queried Azure AD to get the corresponding AzureAD Object IDs so I have two sets of results. 

    My issue is I'm trying to get my head around what to do next and would appreciate the advice. I can manually match these ObjectIDs with my 2 CSVs. Then I will come up with a script to add User to azureadgroup ObjectID.

    Am I going about this the right way? No doubt this is amateurish as I am very much an amateur but I'm keen on learning this stuff, so constructive advice is appreciated.


    ## Get AD users' memberships

    $Users = ForEach ($U in (Get-ADUser -Filter * -SearchBase "OU=Users,OU=Office,OU=Resources,DC=contoso,DC=com"))
    {
        # Re-read the user with the MemberOf attribute populated
        $UN = Get-ADUser $U -Properties MemberOf
        # Keep only the names of the distribution groups the user belongs to
        $Groups = ForEach ($Group in ($UN.MemberOf))
        {
            Get-ADGroup $Group | select name, GroupCategory | Where-Object {$_.GroupCategory -eq 'Distribution'} | Select -ExpandProperty name
        }
        $Groups = $Groups | Sort
        # Emit one row per user/group pair
        ForEach ($Group in $Groups)
        {
            New-Object PSObject -Property @{
                Name = $UN.UserPrincipalName
                Group = $Group
            }
        }
    }
    $Users | Export-Csv ADgroups.csv

    #################################################

    ## Get respective Azure AD Group ObjectIDs

    $GroupNames = import-csv ADgroups.csv | sort Group | select -expandproperty Group

    # Look up each exported group name in Azure AD by display name
    $AzureADGroups = Foreach ($Group in $GroupNames) {
        Get-AzureADGroup -All $true | Where {$_.DisplayName -eq $Group} | select DisplayName, ObjectID
    }
    $AzureADGroups | Export-Csv Azuregroups.csv




    Thanks!

    Adam

     

    Monday, December 3, 2018 11:15 AM

All replies

  • Microsoft provides a migration utility that will do all of this for you.

    https://www.microsoft.com/en-us/download/details.aspx?id=56570


    \_(ツ)_/

    Monday, December 3, 2018 2:22 PM
  • It is effectively a separate entity that has migrated away from our domain, I have no access to their new domain and I don't know what tools they have used for the migration so this wouldn't work for me.

    They have agreed to let us run AD Connect from their new domain which imports their users in our Azure AD environment. We still have their old users in our current domain which are part of groups, they are linked mailboxes but do not appear in the GAL.

    The setup isn't great but I've just inherited it, ultimately I need these users in the GAL with their respective groups, so I need PowerShell help to add the AzureAD users to the same groups their on-premises accounts were added to.

    Thanks

    Tuesday, December 4, 2018 9:25 AM
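
One way to do the join and membership step asked about above, as an added example that is not code from any poster in this thread. It assumes `Connect-AzureAD` has been run, that `ADgroups.csv` and `Azuregroups.csv` are the files produced by the script in the question, and that each synced account keeps the local part of the old UPN under a new suffix (`newdomain.example` is a hypothetical placeholder).

```powershell
# Added example, not from the thread. Assumes Connect-AzureAD has been run and
# ADgroups.csv / Azuregroups.csv are the files produced by the question's script.
param(
    [string]$NewUpnSuffix = 'newdomain.example',  # hypothetical placeholder suffix
    [switch]$Apply                                # without -Apply nothing is changed
)

# DisplayName is not unique in Azure AD: keep every distinct ObjectId per name
# so that an ambiguous name is reported instead of silently picking one group.
$groupIndex = @{}
Import-Csv Azuregroups.csv | Sort-Object ObjectId -Unique | Group-Object DisplayName |
    ForEach-Object { $groupIndex[$_.Name] = @($_.Group.ObjectId) }

$userCache = @{}
$report = foreach ($row in Import-Csv ADgroups.csv) {
    # Assumption: the synced account keeps the local part of the old UPN.
    $newUpn  = ($row.Name -split '@')[0] + '@' + $NewUpnSuffix
    $groupId = $null
    if (-not $groupIndex.ContainsKey($row.Group)) {
        $status = 'GroupNotFound'
    } elseif ($groupIndex[$row.Group].Count -gt 1) {
        $status = 'AmbiguousGroupName'
    } else {
        $groupId = $groupIndex[$row.Group][0]
        if (-not $userCache.ContainsKey($newUpn)) {
            $userCache[$newUpn] = try {
                (Get-AzureADUser -ObjectId $newUpn -ErrorAction Stop).ObjectId
            } catch { $null }
        }
        $userId = $userCache[$newUpn]
        if (-not $userId) {
            $status = 'UserNotFound'
        } elseif (-not $Apply) {
            $status = 'Planned'
        } else {
            try {
                Add-AzureADGroupMember -ObjectId $groupId -RefObjectId $userId -ErrorAction Stop
                $status = 'Added'
            } catch { $status = "Failed: $($_.Exception.Message)" }
        }
    }
    [pscustomobject]@{ OldUpn = $row.Name; NewUpn = $newUpn; Group = $row.Group
                       GroupObjectId = $groupId; Status = $status }
}

# Keep the outcome of every row as an audit trail of the membership changes.
$report | Export-Csv membership-report.csv -NoTypeInformation
$report | Group-Object Status | Select-Object Name, Count
```

Run it without `-Apply` first and review `membership-report.csv`, since every `Planned` row is a membership (and so mail and access) change. Groups mastered on-premises or in Exchange reject cloud-side membership changes; those rows come back as `Failed` with the service's error message.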
  • Hi,

    Thanks for your question.

    I think CSVDE also can help you migrate AD users.

    Please refer to the link:

    https://www.computerperformance.co.uk/logon/csvde-bulk/

    Best Regards,

    Lee


    Just do it.

    Wednesday, December 5, 2018 8:50 AM
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Lee


    Just do it.

    Monday, December 24, 2018 6:16 AM