Active Directory AD And Group Member And ODFB Validation Status Step by Step Process Document

Guest User
Apr 09, 2019

8.1k
0
3
- facebook
- twitter
- linkedIn
- Reddit
- WhatsApp
- Email
- Bookmark

My AD Verification, Group Member Verification, ODFB Provision Verification all in one PS code is working perfectly with my own O365 Tenant Admin Testing credentials.

We can make use of this updated code for our quick verifications before finalizing the Users list in Users.csv file.

Here are the PowerShell Code PSFile and Input file required along with the Output report also available in the ZIP attachment for all of you guys!

We need to change the CSVFile path, PDrive Folder Path, and OutputFolder path along with O365 Dev Tenant Admin Credentials to run from any machine. Use Windows Powershell ISE for robust performance.

Firstly create your O365 Dev Tenant Admin Credentials and login and check if you have access to the O365 Admin Center or not,

Create the PendingUsers2.csv file in the given below format with the given heading and mention all the User Account names for verifying,

Get all the below Login details ready for your PS Code Authentication,
1. $Admin = "[email protected]"
2. $AdminPassword = "******"
3. $Directory = "abcltdnew.onmicrosoft.com"
4. $spURL = "https://abcltdnew-admin.sharepoint.com/"
5. $onedrivelike = 'https://abcltdnew-my.sharepoint.com/'

Please make use of the below Script for Active Directory AD Verification, Group Member Verification, ODFB Provision Verification all in one. The PS code is working perfectly with my own O365 Tenant Admin Testing credentials. Also provide your Input CSV file path and other File paths as highlighted to get the exact Output.
1. Import-Module azuread
  
  $Admin = "[email protected]"
  $AdminPassword = "*******"
  $Directory = "abcltdnew.onmicrosoft.com"
  $spURL = "https://abcltdnew-admin.sharepoint.com/"
  $onedrivelike = 'https://abcltdnew-my.sharepoint.com/'
  
  # Create a new Password Profile for the new users
  $NewUserPassword = 'Dummy@365' #'Dummy@1234'
  $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
  $PasswordProfile.Password = $NewUserPassword
  
  $CsvFilePath = "E:\CHG156539\PSDevelopmentZone\PendingUsers4.csv"
  
  # Create a PowerShell connection to my directory
  $SecPass = ConvertTo-SecureString $AdminPassword -AsPlainText -Force
  $Cred = New-Object System.Management.Automation.PSCredential ($Admin, $SecPass)
  Connect-AzureAD -Credential $cred
  
  # Import the csv file
  $NewUsers = import-csv -Path $CsvFilePath
  
  $result = @()
  #$result += @('"User","AdUser","Group","OneDriveProvisioned"')
  
  # Loop through all new users in the file
  Foreach ($NewUser in $NewUsers) {
  
  # Construct the UserPrincipalName, the MailNickName and the FirstName
  $UPN = $NewUser.'User Name' + '@' + $Directory
  $FirstName = $NewUser.'First Name'
  $MailNickName = $FirstName
  $DisplayName = $NewUser.'User Name'
  $oneDriveFlag = 'No'
  $adUserFlag = 'No'
  $groupFlag = 'No'
  $GroupName = 'Global-OneDrive E3 Default Azure'
  $adUserID = ''
  If(-not [string]::IsNullOrEmpty((Get-AzureADUser | Where {$_.UserPrincipalName -eq $UPN}).ObjectID))
  {
  $adUserID = (Get-AzureADUser | Where {$_.UserPrincipalName -eq $UPN}).ObjectID
  $adUserFlag = 'Yes'
  
  Connect-PnPOnline -Url $spURL -credential $cred
  
  # Get OneDrive URL
  If(-not [string]::IsNullOrEmpty((Get-PnPTenantSite | Where {$_.Url -like $onedrivelike}).Url))
  {
  #Check License also
  IF(-not [string]::IsNullOrEmpty((Get-AzureADUserLicenseDetail -ObjectId $adUserID )) )
  #IF(-not [string]::IsNullOrEmpty((Get-AzureADUserLicenseDetail -ObjectId (Get-AzureADUser | Where {$_.UserPrincipalName -eq $UPN}).ObjectID )) )
  {
  $oneDriveFlag = 'Yes'
  }
  else{
  $oneDriveFlag = 'No'
  }
  }
  else
  {
  $oneDriveFlag = 'No'
  }
  
  $adGroup = ''
  If(-not [string]::IsNullOrEmpty((Get-AzureADGroup | Where {$_.DisplayName -eq $GroupName}).ObjectID))
  {
  Write-Host $GroupName "Group exists"
  $adGroup = (Get-AzureADGroup | Where {$_.DisplayName -eq $GroupName})
  
  If([string]::IsNullOrEmpty(( Get-AzureADGroupMember -ObjectId $adGroup.ObjectId )) )
  {
  $groupFlag = 'No'
  #Write-Host $DisplayName "is not a Member of the Group"
  }
  else{
  $groupFlag = 'Yes'
  #Write-Host $DisplayName "is a Member of the Group"
  }
  
  }
  else
  {
  
  Write-Host $DisplayName $GroupName "Group doesn't exist"
  $groupFlag = 'No'
  
  }
  
  }
  else
  {
  $adUserFlag = 'No'
  
  Write-Host $DisplayName "doesn't exist in the Active Directory[AD]"
  }
  $ExportItem = New-Object PSObject
  $ExportItem | Add-Member -MemberType NoteProperty -name "User" -value $UPN
  $ExportItem | Add-Member -MemberType NoteProperty -name "AdUser" -value $adUserFlag
  $ExportItem | Add-Member -MemberType NoteProperty -name "Group" -value $groupFlag
  $ExportItem | Add-Member -MemberType NoteProperty -name "OneDriveProvisioned" -value $oneDriveFlag
  $result += $ExportItem
  
  }
  
  $result | Export-Csv -Path "E:\CHG156539\PSDevelopmentZone\TotalOutput.csv" -NoTypeInformation
  
  Pause
3. Pause

First verify Step by Step for any kind of Debugging by feeding steps one by one.
Run the above updated PowerShell script[after Full code verification] as described below,

Press Enter to Continue and check the Output csv report in the mentioned file path,

Check the Output at your respective portal.office.com and use it for further analysis and proceedings.
Check Active Users list if the User Accounts have been added with their respective ODFB provision or not,

Also check if the Group has that User as a member manually as per the Output report!

Here Veera one and only one AD User but not a Group member hence got the right Output.

That’s all for today! Have fun utilizing the above code for your further customizations.