PowerShell – AD Group to Azure AD Cloud Only Group Sync

Sharing another piece of PowerShell magic, which we created at the request of one of our customers.

They asked for a solution in which members added to an on-premises Active Directory group are automatically added to a cloud-only Azure Active Directory group.

To achieve this we created this solution, which is portable and can be used in any environment. We also added two other operations, Sync and Remove, for customers who want to synchronize the AD group and the cloud-only group, or who just want to remove members from the cloud-only group based on AD group membership.

There are many situations where this script fills a gap: you use a cloud-only group, but you still want the members of an on-premises AD group, which is managed separately, to be added to it automatically.

Prerequisites for this Solution:

Download the script from GitHub:

https://github.com/VikasSukhija/Downloads/blob/master/AD2AzureADGroup.ps1

Or install it from the PowerShell Gallery:

https://www.powershellgallery.com/packages/AD2AzureADGroup

Install-Script -Name AD2AzureADGroup

Either way, read the script before running it: it will run with an account that can change group membership in your tenant.

Note: the first time the script runs it prompts for the Azure AD credential, encrypts the password and saves it in the script folder; later runs reuse that file.


Here is how you can run it:

Replace the -AzureADGroupID value (a placeholder in the commands below) with the Object ID of your cloud-only group.

Option1
Add the on-premises AD group's members to the Azure AD group:

.\AD2AzureADGroup.ps1 -ADgroup "LicenseGroup" -AzureADGroupID "878b025c-e59c-4ad6-v1r5-65c2c28f9ve5" -Operation ADD -countofchanges 10

Option2
Remove the on-premises AD group's members from the Azure AD group:

.\AD2AzureADGroup.ps1 -ADgroup "LicenseGroup" -AzureADGroupID "878b025c-e59c-4ad6-v1r5-65c2c28f9ve5" -Operation Remove -countofchanges 10

Option3
Synchronize the Azure AD group's membership so that it matches the on-premises AD group:

.\AD2AzureADGroup.ps1 -ADgroup "LicenseGroup" -AzureADGroupID "878b025c-e59c-4ad6-v1r5-65c2c28f9ve5" -Operation Sync -countofchanges 10
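The following is an added example, not code from the AD2AzureADGroup script, showing one way the three operations above and the -countofchanges cap can be implemented. It computes the difference between the on-premises and cloud group member lists (matched on user principal name, which is an assumption; the script itself may match differently), applies the cap to the whole run, and only talks to Azure AD when -Apply is given. Get-GroupSyncPlan and Invoke-GroupSyncPlan are hypothetical names, and the member lists and group ID at the bottom are constructed sample data.

```powershell
# Added example, not the AD2AzureADGroup script's own code.
# Computes the membership changes an ADD, Remove or Sync run would make and
# refuses to apply them when they exceed the change cap. Member lists are
# user principal names; in a real run they come from Get-ADGroupMember
# (on-premises) and Get-AzureADGroupMember (cloud-only group).
function Get-GroupSyncPlan {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $ADMembers,       # UPNs in the on-premises AD group
        [Parameter(Mandatory)] [string[]] $AzureADMembers,  # UPNs in the cloud-only Azure AD group
        [Parameter(Mandatory)] [ValidateSet('ADD', 'Remove', 'Sync')] [string] $Operation,
        [Parameter(Mandatory)] [int] $CountOfChanges        # maximum changes one run may make
    )
    # Case-insensitive sets, because UPN casing often differs between AD and Azure AD.
    $cmp   = [System.StringComparer]::OrdinalIgnoreCase
    $ad    = [System.Collections.Generic.HashSet[string]]::new([string[]]$ADMembers, $cmp)
    $cloud = [System.Collections.Generic.HashSet[string]]::new([string[]]$AzureADMembers, $cmp)

    switch ($Operation) {
        'ADD'    { $toAdd = @($ad | Where-Object { -not $cloud.Contains($_) }); $toRemove = @() }
        'Remove' { $toAdd = @(); $toRemove = @($ad | Where-Object { $cloud.Contains($_) }) }
        'Sync'   { $toAdd    = @($ad    | Where-Object { -not $cloud.Contains($_) })
                   $toRemove = @($cloud | Where-Object { -not $ad.Contains($_) }) }
    }
    $total = $toAdd.Count + $toRemove.Count
    [pscustomobject]@{
        Operation   = $Operation
        Add         = $toAdd
        Remove      = $toRemove
        ChangeCount = $total
        Allowed     = ($total -le $CountOfChanges)   # the whole run is blocked, never partially applied
    }
}

function Invoke-GroupSyncPlan {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] $Plan,                 # output of Get-GroupSyncPlan
        [Parameter(Mandatory)] [string] $AzureADGroupID,
        [string] $LogPath,                            # optional log file, one line per change
        [switch] $Apply                               # without -Apply this is a dry run
    )
    if (-not $Plan.Allowed) {
        Write-Warning ('{0} would make {1} changes, which exceeds the cap; nothing was changed.' -f $Plan.Operation, $Plan.ChangeCount)
        return
    }
    $changes = @($Plan.Add    | ForEach-Object { [pscustomobject]@{ Action = 'ADD';    UPN = $_ } }) +
               @($Plan.Remove | ForEach-Object { [pscustomobject]@{ Action = 'REMOVE'; UPN = $_ } })
    foreach ($c in $changes) {
        if ($Apply) {
            # Assumes the AzureAD module is loaded and Connect-AzureAD has already run
            # with an account that may manage this group's membership.
            $user = Get-AzureADUser -ObjectId $c.UPN
            if ($c.Action -eq 'ADD') { Add-AzureADGroupMember -ObjectId $AzureADGroupID -RefObjectId $user.ObjectId }
            else                     { Remove-AzureADGroupMember -ObjectId $AzureADGroupID -MemberId $user.ObjectId }
        }
        $mode = if ($Apply) { 'APPLIED' } else { 'DRYRUN' }
        $line = '{0} {1} {2} {3} {4}' -f (Get-Date -Format s), $mode, $c.Action, $c.UPN, $AzureADGroupID
        if ($LogPath) { Add-Content -LiteralPath $LogPath -Value $line }
        Write-Output $line
    }
}

# Constructed sample data (not real accounts): carol is in AD but not yet in the cloud
# group, dave is in the cloud group but no longer in AD, alice differs only in case.
$adMembers    = 'alice@contoso.com', 'bob@contoso.com', 'carol@contoso.com'
$cloudMembers = 'Alice@contoso.com', 'bob@contoso.com', 'dave@contoso.com'
$groupId      = '00000000-0000-0000-0000-000000000000'   # placeholder, not a real group

$plan = Get-GroupSyncPlan -ADMembers $adMembers -AzureADMembers $cloudMembers -Operation Sync -CountOfChanges 10
Invoke-GroupSyncPlan -Plan $plan -AzureADGroupID $groupId          # dry run, no Azure AD calls

# The same Sync with a cap of 1 is refused outright; that is what -countofchanges is for.
$blocked = Get-GroupSyncPlan -ADMembers $adMembers -AzureADMembers $cloudMembers -Operation Sync -CountOfChanges 1
Invoke-GroupSyncPlan -Plan $blocked -AzureADGroupID $groupId
```

On the sample data, Sync plans one ADD (carol) and one REMOVE (dave), and alice is treated as already present despite the difference in case. The second call, with a cap of 1, is refused as a whole rather than partially applied, which is the safer behaviour for a scheduled job that nobody is watching. With -Apply the function uses the AzureAD module's Get-AzureADUser, Add-AzureADGroupMember and Remove-AzureADGroupMember; the account you connect with should be an owner of the cloud-only group, or hold a role scoped to group management, rather than a tenant-wide administrator.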

After running it once interactively you can schedule it with Task Scheduler, since the password is stored as an encrypted credential in the script folder. If the script stores the credential with PowerShell's default Windows Data Protection (DPAPI) encryption, as ConvertFrom-SecureString and Export-Clixml do, the file can only be decrypted by the same Windows account on the same machine, so the scheduled task must run under the account that created it.
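As an added example of the credential caching described above (this is not the AD2AzureADGroup script's own code, and how the script itself stores the password is not shown on this page), the function below prompts once, saves the credential with Export-Clixml next to the script, and reloads it on later runs. Get-CachedCredential, the file name AzureADCred.xml and the service account name are hypothetical.

```powershell
# Added example, not the AD2AzureADGroup script's own code.
# First run: prompt for the Azure AD credential and save it next to the script.
# Later runs (for example from Task Scheduler): load it from the file.
# Export-Clixml protects the SecureString with Windows Data Protection (DPAPI),
# which is bound to the Windows user and machine that wrote the file, so the
# scheduled task must run as that same user on that same machine.
function Get-CachedCredential {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,      # where the encrypted credential is kept
        [Parameter(Mandatory)] [string] $UserName   # Azure AD account used for the sync
    )
    if (Test-Path -LiteralPath $Path) {
        $cred = Import-Clixml -LiteralPath $Path
        if ($cred -isnot [pscredential]) { throw "$Path does not contain a PSCredential" }
        return $cred
    }

    # Interactive first run. Only the password is DPAPI-encrypted; the user name is
    # stored in clear text in the XML.
    $cred = Get-Credential -UserName $UserName -Message 'Account used for the group sync'
    $cred | Export-Clixml -LiteralPath $Path

    # Defence in depth: drop inherited ACEs and grant only the current user access,
    # so other local accounts cannot even read the ciphertext.
    $acl = Get-Acl -LiteralPath $Path
    $acl.SetAccessRuleProtection($true, $false)
    $me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'FullControl', 'Allow')
    $acl.SetAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
    return $cred
}

# Keep the file beside the script when run as a script, or in the current folder interactively.
$folder   = if ($PSScriptRoot) { $PSScriptRoot } else { (Get-Location).Path }
$credPath = Join-Path $folder 'AzureADCred.xml'
$cred     = Get-CachedCredential -Path $credPath -UserName 'svc-groupsync@contoso.onmicrosoft.com'   # placeholder account
```

The returned credential is what you would pass to Connect-AzureAD -Credential before the sync runs. Two caveats: a credential-based sign-in only works for an account without MFA or an interactive Conditional Access prompt, so protect that account with a strong, unique password and the least privilege the group needs; and on PowerShell 7 outside Windows, Export-Clixml does not DPAPI-encrypt the SecureString, so the file would not be protected there.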

Logs are written to the logs folder. The -countofchanges parameter is a safety measure I use in many of my scripts: it limits how many membership changes a single run may make, so an unexpectedly large change (for example, an AD group that was emptied by mistake) is not pushed to the cloud group.

I hope this PowerShell magic assists you in multiple situations.


Thanks for reading and downloading.


Tech Wizard

https://techwizard.cloud

https://syscloudpro.com/

PowerShell Cheat Book

