如何从powershell为Azure Active Directory中的组创建动态成员资格规则

gk7wooem  于 2022-12-18  发布在  Shell
关注(0)|答案(1)|浏览(115)

有人知道是否可以从powershell而不是从“Azure门户中的规则生成器”传递来为Azure Active Directory中的组创建动态成员资格规则?
谢谢

jm81lzqq

jm81lzqq1#

我尝试在我的环境中重现相同内容,以便从powershell为Azure Active Directory中的组创建动态成员资格规则

正如我尝试下面的脚本从powershell创建Azure Active Directory中的组的动态成员资格规则
您可以获得如下所示的管理单元对象ID

AzurePortal〉管理单位〉选择您的管理单位〉属性(预览)

您可以获得如下所示的组对象ID

Azure门户〉Azure Active Directory〉组〉选择您的组〉

#Install Azure AD Module
 
Install-Module -Name AzureADPreview

#Connect to Azure Account

Connect-AzureAD

#Get AzureADMSAdministrativeUnit Details

Get-AzureADMSAdministrativeUnit -id <AzureADMSAdministrativeUniObjectID>

#Create Dynamic membership rules to Exiting AzureADMSAdministrativeUnit

Set-AzureADMSAdministrativeUnit -Id <AzureADMSAdministrativeUnit ObjectID> -MembershipRule '(user.Department -eq "HR") -or (user.usageLocation -eq "India")'

#Get Azure AD Group details

Get-AzureADMSGroup -id <AzureADMSGroupobjectID>

#Create Dynamic membership rules to AzureAD group

Set-AzureADMSGroup -id <AzureADMSGroupobjectID> -MembershipRule '(user.Department -eq "IT") -or (user.usageLocation -eq "Canada")'

#Create New group with Dynamic Membership rule

New-AzureADMSGroup -DisplayName "Dynamic Group 01" -Description "Dynamic group created from PS" -MailEnabled $False -MailNickName "group" -SecurityEnabled $True -GroupTypes "DynamicMembership" -MembershipRule "(user.department -contains ""Marketing"")" -MembershipRuleProcessingState "On"

最终使用动态成员资格规则创建的组

相关问题