Sharing another piece of PowerShell magic that we created at the request of one of our customers.
They asked for a solution where, whenever members are added to an on-premises Active Directory group, those members are automatically added to a cloud-only Azure Active Directory group.
To achieve this we created this solution, which is portable and can be used in any environment. We also added two other options, Sync and Remove, in case the customer wants to synchronize the AD group with the cloud-only group, or just wants to remove members from the cloud-only group based on AD group membership.
There are a number of situations where this script can fill the gap: you are using a cloud-only group but still want members of an on-premises AD group added to it automatically, because that on-premises group is managed separately.
Prerequisites for this Solution:
Download the script from GitHub:
https://github.com/VikasSukhija/Downloads/blob/master/AD2AzureADGroup.ps1
Or install it from the PowerShell Gallery:
https://www.powershellgallery.com/packages/AD2AzureADGroup
Install-Script -Name AD2AzureADGroup
Note: The script will auto-generate an encrypted password file the first time it is run and save it in the same folder.
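The following is an added example of how such a first-run encrypted credential file can be created and reused; it is not the AD2AzureADGroup script's own code, and the file name azuread.cred and the function names are assumptions. Export-Clixml protects the SecureString with Windows DPAPI, scoped to the user account and computer that created the file:

```powershell
# Added example, not the AD2AzureADGroup script's own code.
# Assumed file name: azuread.cred in the script folder (falls back to the
# current directory when run interactively, where $PSScriptRoot is empty).
$ScriptDir = if ($PSScriptRoot) { $PSScriptRoot } else { (Get-Location).Path }
$CredFile  = Join-Path $ScriptDir 'azuread.cred'

function Save-EncryptedCredential {
    param([Parameter(Mandatory)][string]$Path)
    # Prompt once, interactively. Export-Clixml serializes the PSCredential and
    # encrypts its SecureString with DPAPI for the current user on this computer.
    $cred = Get-Credential -Message 'Azure AD account used for group sync'
    $cred | Export-Clixml -Path $Path
}

function Get-EncryptedCredential {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -Path $Path)) {
        # First run: create the file so later, unattended runs can reuse it.
        Save-EncryptedCredential -Path $Path
    }
    # Import-Clixml fails with a DPAPI error if a different user or computer
    # tries to read the file, so the scheduled task must run as the same
    # account that created it, on the same machine.
    return Import-Clixml -Path $Path
}

$Credential = Get-EncryptedCredential -Path $CredFile
# The script then authenticates with this object:
# Connect-AzureAD -Credential $Credential
```

Because DPAPI ties the file to one user and one computer, the file cannot simply be copied to another server, and the folder ACL should still restrict read access to the service account, since that account can always decrypt it.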
Here is how you can run it:
Option 1: Add users to the Azure AD group from the on-premises AD group members.
.\AD2AzureADGroup.ps1 -ADgroup "LicenseGroup" -AzureADGroupID "878b025c-e59c-4ad6-v1r5-65c2c28f9ve5" -Operation ADD -countofchanges 10
Option 2: Remove the on-premises AD group members from the Azure AD group.
.\AD2AzureADGroup.ps1 -ADgroup "LicenseGroup" -AzureADGroupID "878b025c-e59c-4ad6-v1r5-65c2c28f9ve5" -Operation Remove -countofchanges 10
Option 3: Synchronize the Azure AD group membership with the on-premises AD group members.
.\AD2AzureADGroup.ps1 -ADgroup "LicenseGroup" -AzureADGroupID "878b025c-e59c-4ad6-v1r5-65c2c28f9ve5" -Operation Sync -countofchanges 10
After running it interactively the first time, you can schedule it via Task Scheduler, since the password has been stored as an encrypted credential inside the script folder.
Logs are stored under the logs folder. The count of changes is a safety measure I use in many of my scripts: it stops the run if the script is about to make more changes than expected.
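To make the three operations and the count-of-changes safety check concrete, here is an added example of the membership-delta logic; it is not the AD2AzureADGroup script's own code, the function name Get-GroupMembershipDelta is an assumption, and the member lists are constructed sample data so it runs offline (in the real script they would come from Get-ADGroupMember and Get-AzureADGroupMember):

```powershell
# Added example, not the AD2AzureADGroup script's own code.
# Works out which UPNs to add to or remove from the cloud-only group for the
# ADD, Remove and Sync operations, and refuses to proceed when the number of
# changes exceeds the caller's -CountOfChanges limit.
function Get-GroupMembershipDelta {
    param(
        [Parameter(Mandatory)][AllowEmptyCollection()][string[]]$OnPremUPNs,
        [Parameter(Mandatory)][AllowEmptyCollection()][string[]]$CloudUPNs,
        [Parameter(Mandatory)][ValidateSet('ADD', 'Remove', 'Sync')][string]$Operation,
        [Parameter(Mandatory)][int]$CountOfChanges
    )
    # UPNs are not case sensitive, so normalize before comparing.
    $onPrem = @($OnPremUPNs | ForEach-Object { $_.ToLowerInvariant() })
    $cloud  = @($CloudUPNs  | ForEach-Object { $_.ToLowerInvariant() })

    switch ($Operation) {
        'ADD' {
            # On-prem members missing from the cloud group; never remove anyone.
            $toAdd    = @($onPrem | Where-Object { $cloud -notcontains $_ })
            $toRemove = @()
        }
        'Remove' {
            # Cloud members who are in the on-prem group are removed; never add anyone.
            $toAdd    = @()
            $toRemove = @($cloud | Where-Object { $onPrem -contains $_ })
        }
        'Sync' {
            # Make the cloud group match the on-prem group exactly.
            $toAdd    = @($onPrem | Where-Object { $cloud -notcontains $_ })
            $toRemove = @($cloud  | Where-Object { $onPrem -notcontains $_ })
        }
    }

    $total = $toAdd.Count + $toRemove.Count
    if ($total -gt $CountOfChanges) {
        # Safety stop: an empty or wrong source group would otherwise wipe
        # or flood the cloud group in one run.
        throw "Refusing to apply $total changes; limit is $CountOfChanges. Check both groups before raising the limit."
    }

    [pscustomobject]@{
        Add    = $toAdd
        Remove = $toRemove
        Count  = $total
    }
}

# Constructed sample membership lists (not real accounts).
$adMembers    = 'alice@contoso.example', 'bob@contoso.example', 'carol@contoso.example'
$cloudMembers = 'Bob@contoso.example', 'dave@contoso.example'

$delta = Get-GroupMembershipDelta -OnPremUPNs $adMembers -CloudUPNs $cloudMembers `
                                  -Operation Sync -CountOfChanges 10

foreach ($upn in $delta.Add)    { "Would add    $upn" }   # Add-AzureADGroupMember in the real script
foreach ($upn in $delta.Remove) { "Would remove $upn" }   # Remove-AzureADGroupMember in the real script
```

Running the same call with -CountOfChanges 2 throws instead of applying three changes, which is the behaviour the -countofchanges parameter is meant to give you: a run that looks wrong is stopped and logged rather than executed.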
I hope this PowerShell magic will assist you in multiple situations.
Thanks for reading and downloading.
Tech Wizard
Dear Vikas, I'm seeing an authentication error while running the script.
Error**************************Error
Connect-AzureAD : : Unknown error
At D:\scripts\AD2AzureADGroup.ps1:149 char:3
+ Connect-AzureAD -Credential $Credential
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : AuthenticationError: (:) [Connect-AzureAD], AdalException
+ FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD
Error**************************Error
Looks like the authentication parameters need a change.
In June 2022 when I last used the script, it worked perfectly, however now I’m seeing some errors. Kindly share the updated script if possible.
It might be that your admin has enabled MFA; just run it from an account that bypasses MFA, or we need to use cert-based auth.
Hi, in light of Microsoft sunsetting the AzureAD object, do you have an MS Graph PowerShell converted app?
As of now I have not converted it but will do it in future.