-
Notifications
You must be signed in to change notification settings - Fork 1
/
GroupCreationControl.ps1
30 lines (22 loc) · 1.2 KB
/
GroupCreationControl.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# Login to Azure AD PowerShell With Admin Account
Connect-AzureAD
# Bestimme, welche Sicherheitsgruppe noch Gruppen erstellen darf (falls $AllowGroupCreation = "False" )
$GroupName = "Stadtadmins"
# Bestimme, ob standardmäßig Gruppen durch Nutzer erstellt werden dürfen oder nicht.
$AllowGroupCreation = "False"
$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
if(!$settingsObjectID)
{
$template = Get-AzureADDirectorySettingTemplate | Where-object {$_.displayname -eq "group.unified"}
$settingsCopy = $template.CreateDirectorySetting()
New-AzureADDirectorySetting -DirectorySetting $settingsCopy
$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
}
$settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID
$settingsCopy["EnableGroupCreation"] = $AllowGroupCreation
if($GroupName)
{
$settingsCopy["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $GroupName).objectid
}
Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy
(Get-AzureADDirectorySetting -Id $settingsObjectID).Values