How to Bulk Import CSV to create Security Groups and Add Groups Owner to those Groups Using Powershell in Azure AD

Question

I am Looking for an Script where i can create 500 Security Groups by Bulk Import Power shell cmdlet and Add Group Owners in Azure AD at the same time .

Please help !!!

Answer 1

@Andreas Baumgarten

By Using your below Script :

Import-Csv -Path "C:\temp\GroupsC.csv" | ForEach-Object {
$ownerUserObj = $UserObj = Get-AzureADUser -ObjectId $.GroupOwner
$newGroup = New-AzureADGroup -DisplayName $.GroupName -SecurityEnabled $true -MailEnabled $false -MailNickName "NotSet"
Add-AzureADGroupOwner -ObjectId $newGroup.ObjectId -RefObjectId $ownerUserObj.ObjectId
}

I am able to create the Groups and also can update Group Owner successfully But i am not sure why I get this Below Error :
Any Idea ???

Get-AzureADUser : Error occurred while executing GetUser
Code: Request_BadRequest
Message: The request URI is not valid. Since the segment 'Microsoft.DirectoryServices.User' refers to a collection, this must be the last segment in the request URI. All intermediate segments must refer
to a single resource.
RequestId: 1083e92b-026e-402c-b886-78377c359a0a
DateTimeStamp: Sun, 18 Sep 2022 15:32:32 GMT
HttpStatusCode: BadRequest
HttpStatusDescription: Bad Request
HttpResponseStatus: Completed
At line:2 char:28

• $ownerUserObj = $UserObj = Get-AzureADUser -ObjectId $.GroupOwner
• ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
• CategoryInfo : NotSpecified: (:) [Get-AzureADUser], ApiException
• FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.GetUser

Get-AzureADUser : Error occurred while executing GetUser
Code: Request_BadRequest
Message: The request URI is not valid. Since the segment 'Microsoft.DirectoryServices.User' refers to a collection, this must be the last segment in the request URI. All intermediate segments must refer
to a single resource.
RequestId: e38b4fdf-a3f5-4dfa-b29e-0ce209beefd0
DateTimeStamp: Sun, 18 Sep 2022 15:32:32 GMT
HttpStatusCode: BadRequest
HttpStatusDescription: Bad Request
HttpResponseStatus: Completed
At line:2 char:28

• $ownerUserObj = $UserObj = Get-AzureADUser -ObjectId $.GroupOwner
• ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
• CategoryInfo : NotSpecified: (:) [Get-AzureADUser], ApiException
• FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.GetUser

Answer 2

Modified script to remove group owner, added groups and description. Not sure where I made a wrong turn. If I manually create a group it works:

New-AzureADGroup -DisplayName "Test_Group" -MailEnabled $false -SecurityEnabled $true -MailNickName "NotSet" -Description "Test Group"

Running this below just puts me back at PS prompt.

Import-Csv -Path "c:\temp\SecurityGroups.csv" | ForEach-Object { $newGroup = New-AzureADGroup -DisplayName $_.DisplayName -SecurityEnabled $true -MailEnabled $false -MailNickName "NotSet" -Description $_.Description

Not sure what I did yesterday or this AM but I had 69 wrongly named security groups all named "$._GroupName". I had to delete them all.

In my spreadsheet I've removed the 68 so there is only one entry in my spreadsheet for further testing. When i run the test it returns some good info as seen below. Not sure what I'm missing here.

PS C:\windows\system32> import-csv -Path "C:\temp\SecurityGroups.csv" | ForEach-Object {
>> $_.GroupDescription
>> $_.GroupName
>> }
>>
Test Group 1
Test_Group_1