I have previously shared a post about syncing an AD group to an Azure AD cloud group:
PowerShell – AD Group to Azure AD Cloud Only Group Sync | Tech Wizard
This time we have the reverse requirement: we need to sync an Azure AD security group to an on-premises Active Directory group.
We have reverse engineered the above script and modified it to work for this scenario.
The solution is portable and will work in any environment; you only need to update the variables.
Functionality for Sync, ADD and Remove has been added.
Sync -> Makes the on-premises group membership identical to the Azure AD group membership.
ADD -> Only adds members to the on-premises group, without removing members that are already present on-premises but do not exist in the Azure AD group.
Remove -> Only removes members that are present in the Azure AD group from the on-premises AD group.
Prerequisites for this solution:
Download the script from GitHub or the PowerShell Gallery using the links below:
GitHub: https://github.com/VikasSukhija/Downloads (aad2adgroup.ps1)
PowerShell Gallery: https://www.powershellgallery.com/packages/aad2adgroup
Install-Script -Name aad2adgroup
Note: The script will auto-generate an encrypted password the first time it is run and save it in the same folder.
Here is how you can run it:
Option 1 (ADD)
.\aad2adgroup.ps1 -AzureADGroupID "d00d967e-5bd5-1001-8gf5-2gh8654f2e8e" -ADgroup "LAB-Group-TEST" -Operation ADD -countofchange 20 -smtpserver labtestsmtp -from DoNotRespond@labtest.com -erroremail Experiences@labtest.com
Option 2 (Remove)
.\aad2adgroup.ps1 -AzureADGroupID "d00d967e-5bd5-1001-8gf5-2gh8654f2e8e" -ADgroup "LAB-Group-TEST" -Operation Remove -countofchange 20 -smtpserver labtestsmtp -from DoNotRespond@labtest.com -erroremail Experiences@labtest.com
Option 3 (Sync)
.\aad2adgroup.ps1 -AzureADGroupID "d00d967e-5bd5-1001-8gf5-2gh8654f2e8e" -ADgroup "LAB-Group-TEST" -Operation Sync -countofchange 20 -smtpserver labtestsmtp -from DoNotRespond@labtest.com -erroremail Experiences@labtest.com
After running it interactively for the first time, you can schedule it to run via Task Scheduler, because the password has been saved as encrypted credentials inside the script folder.
Logs will be saved under the logs folder. The count of changes (-countofchange) is used as a safety measure, which I use in many of my scripts to avoid large changes we are not expecting: if the number of changes exceeds it, the run stops instead of modifying the group.
SMTP settings have been added to this script to send logs and alerts to the designated email address.
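To make the three operations and the change-count safety stop concrete, here is an added example that is not the aad2adgroup.ps1 script itself. It assumes members are compared by UserPrincipalName (which the real script would obtain from Get-AzureADGroupMember and Get-ADGroupMember) and uses constructed sample accounts; the function name Get-GroupSyncPlan is mine.

```powershell
# Added example, not the aad2adgroup.ps1 script: builds the change list for the
# Sync / ADD / Remove operations and applies the change-count safety stop.
# Assumes members are compared by UPN (from Get-AzureADGroupMember / Get-ADGroupMember).
function Get-GroupSyncPlan {
    [CmdletBinding()]
    param(
        [string[]]$AzureMembers,                 # UPNs in the Azure AD group
        [string[]]$AdMembers,                    # UPNs in the on-prem AD group
        [ValidateSet('Sync', 'ADD', 'Remove')] [string]$Operation,
        [int]$CountOfChange = 20                 # same idea as -countofchange
    )
    # Normalise case and drop duplicates so the comparisons are reliable
    $cloud  = @($AzureMembers | ForEach-Object { $_.ToLowerInvariant() } | Sort-Object -Unique)
    $onprem = @($AdMembers    | ForEach-Object { $_.ToLowerInvariant() } | Sort-Object -Unique)
    $toAdd = @(); $toRemove = @()
    switch ($Operation) {
        'Sync' {    # make on-prem identical to cloud: add the missing, remove the extras
            $toAdd    = @($cloud  | Where-Object { $onprem -notcontains $_ })
            $toRemove = @($onprem | Where-Object { $cloud  -notcontains $_ })
        }
        'ADD' {     # only add cloud members missing on-prem; never remove anyone
            $toAdd = @($cloud | Where-Object { $onprem -notcontains $_ })
        }
        'Remove' {  # only remove on-prem members that are in the cloud group
            $toRemove = @($onprem | Where-Object { $cloud -contains $_ })
        }
    }
    $total = $toAdd.Count + $toRemove.Count
    [pscustomobject]@{
        Operation = $Operation
        ToAdd     = $toAdd
        ToRemove  = $toRemove
        Total     = $total
        # Safety stop: more changes than expected means do not touch the group
        # and send the error email instead.
        Blocked   = ($total -gt $CountOfChange)
    }
}
# Constructed sample data (not real accounts)
$cloudMembers  = 'alice@labtest.com', 'bob@labtest.com', 'carol@labtest.com'
$onpremMembers = 'Bob@labtest.com', 'dave@labtest.com'
$plan = Get-GroupSyncPlan -AzureMembers $cloudMembers -AdMembers $onpremMembers -Operation Sync
if ($plan.Blocked) {
    Write-Warning "Change count $($plan.Total) exceeds the threshold; nothing applied."
} else {
    # A real run would call Add-ADGroupMember / Remove-ADGroupMember on -ADgroup here
    $plan.ToAdd    | ForEach-Object { "ADD    $_" }   # alice, carol
    $plan.ToRemove | ForEach-Object { "REMOVE $_" }   # dave
}
```

Running the same data with -Operation ADD yields only the two additions, and with -Operation Remove only bob is removed, matching the three behaviours described above.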
I hope this solution will help you on your journey of automating system administration tasks.
Thanks for reading and downloading….
Tech Wizard