Create Unified and Dynamic Membership Office 365 group Via Powershell in AzureAD

0
votes

In the GUI of Azure it is really easy to do this you simply create a new office 365 group and set dynamic Rules but it seems difficult to do via powershell closest i can get is using the following Powershell line. it seems to error out on the Group types portion. I can't seem to get it to create a group with both types, My guess is am just not formatting it correctly. I am using the AzureADPreview module at version 2.0.2.85 since the normal AzureAD module does not work at all for this.

New-AzureADMSGroup -DisplayName "name" -Description "description" -MailEnabled $True -MailNickName "MailName" -SecurityEnabled $True -GroupTypes 'Unified, DynamicMembership' -MembershipRule '(user.userPrincipalName -contains "somafeasokdfalksjfjlkads")' -MembershipRuleProcessingState $true

give me the error

Code: Request_BadRequest
Message: Invalid value specified for property 'groupTypes' of resource 'Group'.

GUI Creation

Powershell Get

https://docs.microsoft.com/en-us/powershell/module/azuread/new-azureadmsgroup?view=azureadps-2.0

The gist is I am trying to find a powershell way to get a Azure group like the second photo. Ie both dynamic and unified.

1
powershellazure-active-directoryoffice365azure-ad-powershell-v2
it may also just be unsupported at the moment depending on how i write it i also get the following error. - Zygodactyl
Code: Request_BadRequest Message: The service does not currently support writes of mail-enabled groups. Please ensure that the mail-enablement property is unset and the security-enablement property is set. - Zygodactyl

1 Answers

-1
votes

I figured out a work around you can create the group just as unified then use a script microsoft posted

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-change-type

I had to modify it to get it to work but basically i ran the following

$knowngoodgroup = 'INSERTGUID'
$BadGroup       = 'INSERTGUID'
$memberRule     = 'INSERTMEMBERRULE'

[System.Collections.ArrayList]$groupTypes = (Get-AzureAdMsGroup -Id $knowngoodgroup).GroupTypes
Set-AzureAdMsGroup -Id $BadGroup -GroupTypes $groupTypes.ToArray() -MembershipRuleProcessingState "On" -MembershipRule $memberrule

my guess is they will fix this in the future.