Azure

Assigning A Built-In Role To The Group At Resource Group Scope Level Using PowerShell Scripts

This article is focused on the following four sections.

  1. Creating a new resource group
  2. Fetching User Object Id
  3. Creating an Azure AD group with the user using the user's object Id
  4. Assigning a built-in 'Reader' role to the group at resource group scope level

Let's start writing the scripts section-wise as mentioned above, to achieve our aim.

Firstly, Creating a new Resource group

#Creating New Resource Group
#Connecting to Azure Account using your username and password
Connect-AzAccount
#To validate if resource group already exists in the given location or not
$resourcegroupname = "Test-rg"
$location = "West Europe"
Get-AzResourceGroup -Name $resourcegroupname -Location $location
#If resource group does not exist, create a new resource group
$rg = New-AzResourceGroup -Name $resourcegroupname -Location $location
#Print the Resource Group Name as output in your PowerShell
Write-Output $rg.ResourceGroupName
#Save Resource group name to a variable as we will use it in the upcoming steps
$nameofresourcegroup = $rg.ResourceGroupName
Write-Output $nameofresourcegroup
#This finishes the 1st section of creating a Resource Group at a specific location using PowerShell script

Fetching User Object Id

As per the second step mentioned, we will now fetch the user object id in order to add it to the group in the next step.

#Fetching user id
#Connect to Azure if you do not have any existing connection
Connect-AzAccount
#Get user id using the below mentioned script by passing email id of user
$userid = Get-AzADUser -Filter "UserPrincipalName eq 'test@domain.onmicrosoft.com'"
#Print the output
Write-Output $userid
#Print and save the user id in another variable to use it in the next step
$useridfetched = $userid.Id
#Print the id in your PowerShell
Write-Output $useridfetched

Creating an Azure AD group using user's object Id

Now, as per the third step mentioned, we will add the user to the group. For that we'll need the user's id, which we have fetched in the above step.

#Creating group will need 2 inputs, group name and user id fetched from the above step
$azureadgroupname = "Test_AD_Group"
$useridfetched
#To validate if the same group exists or not
Get-AzADGroup | Where-Object {
    $_.DisplayName -eq $azureadgroupname
}
#If group does not exist, create a new one
$newgroup = New-AzADGroup -DisplayName $azureadgroupname -MailNickName "NotSet"
#Now is the time to add user to the newly created group, where we will pass created group id value to TargetGroupObjectId parameter and useridfetched to MemberObjectId parameter
$usergroup = Add-AzADGroupMember -TargetGroupObjectId $newgroup.Id -MemberObjectId $useridfetched
#Print output with created group id and group name
$groupId = $newgroup.Id
#The group object exposes its name as DisplayName
$groupName = $newgroup.DisplayName
Write-Output $groupId
Write-Output $groupName
#Azure AD group with user is created using PowerShell scripts

Assigning a built-in 'Reader' role to the group

Now is the time for the last step mentioned, which will assign the built-in Reader role to the newly created group with users at the newly created resource group scope level.

#For assigning role to the group at scope level we will need three inputs: resource group name which we have as an output from the first section, group object id which we have as an output from the previous section, and a built-in role name
$groupId
$nameofresourcegroup
$rolename = "Reader"
#To validate if the role assignment already exists or not
Get-AzRoleAssignment -ObjectId $groupId -RoleDefinitionName $rolename -ResourceGroupName $nameofresourcegroup
#If it does not exist, we will assign the created group the required role at resource group scope level
#You can also change the built-in role and scope as per your usage
$roleassignment = New-AzRoleAssignment -ObjectId $groupId -RoleDefinitionName $rolename -ResourceGroupName $nameofresourcegroup
#Output the role assignment name and Id
$roleassignementId = $roleassignment.RoleAssignmentId
$roleassignmentName = $roleassignment.RoleAssignmentName
Write-Output $roleassignementId
Write-Output $roleassignmentName
#Voila, it's time to validate the performed operations on the Azure Portal

Now navigate to your Azure Portal > Resource Group.

Check for the newly created resource group, go to Access control > Role assignments and check if you can see the newly created group with the Reader role.
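The four steps above as one re-runnable script, added here as an example and not part of the original article's code: it creates each object only when it is missing and, because Get-AzRoleAssignment also lists assignments inherited from parent scopes, it compares Scope with the resource group's own id before treating the Reader assignment as present. The names and the UPN are the article's sample values; it assumes the Az.Accounts and Az.Resources modules are installed.

```powershell
# Added example: idempotent version of the four steps (not the author's script).
# All names below are the sample values used in this article.
$resourcegroupname = "Test-rg"
$location          = "West Europe"
$upn               = "test@domain.onmicrosoft.com"
$azureadgroupname  = "Test_AD_Group"
$rolename          = "Reader"

# Reuse an existing sign-in if there is one
if (-not (Get-AzContext)) { Connect-AzAccount | Out-Null }

# 1. Resource group: create only when it is missing
$rg = Get-AzResourceGroup -Name $resourcegroupname -ErrorAction SilentlyContinue
if (-not $rg) { $rg = New-AzResourceGroup -Name $resourcegroupname -Location $location }

# 2. User: stop if the UPN does not resolve to exactly one account
$user = @(Get-AzADUser -UserPrincipalName $upn)
if ($user.Count -ne 1) { throw "Expected one user for $upn, found $($user.Count)" }

# 3. Group: display names are not unique in Azure AD, so refuse to guess
$group = @(Get-AzADGroup -DisplayName $azureadgroupname)
if ($group.Count -gt 1) { throw "More than one group is named $azureadgroupname" }
if ($group.Count -eq 0) {
    $group = @(New-AzADGroup -DisplayName $azureadgroupname -MailNickname "NotSet")
}
$groupId = $group[0].Id
$members = @(Get-AzADGroupMember -GroupObjectId $groupId)
if ($members.Id -notcontains $user[0].Id) {
    Add-AzADGroupMember -TargetGroupObjectId $groupId -MemberObjectId $user[0].Id
}

# 4. Role assignment: Get-AzRoleAssignment also returns assignments inherited
#    from parent scopes, so compare Scope with the resource group's own id
$existing = Get-AzRoleAssignment -ObjectId $groupId -RoleDefinitionName $rolename -ResourceGroupName $rg.ResourceGroupName |
    Where-Object { $_.Scope -eq $rg.ResourceId }
if (-not $existing) {
    $existing = New-AzRoleAssignment -ObjectId $groupId -RoleDefinitionName $rolename -ResourceGroupName $rg.ResourceGroupName
}

# Show every role the group holds at this scope, direct or inherited
Get-AzRoleAssignment -ObjectId $groupId -ResourceGroupName $rg.ResourceGroupName |
    Select-Object RoleDefinitionName, Scope, RoleAssignmentId
```

Any row in the final listing whose Scope is shorter than the resource group id is an inherited assignment, which gives the group access beyond this one resource group.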

I hope this article seems useful for all the automation use cases related to Azure AD.

Keep Learning!

Keep Sharing!
