Cleanup School Security Groups and Administrative Units

When running School Data Sync (SDS), you can choose, when creating your Managed data with Microsoft 365 configuration, to create and manage Organization (School) Administrative Units (AUs) and Security Groups (SGs).

As the year progresses, SDS keeps the memberships updated: as school enrollments change in the Student Information System (SIS), the changes are sent to SDS, which adds or removes memberships.

When you're getting ready for the next academic session or school year, a step in prepping your environment is to remove any users that transferred to another school or graduated. You should run cleanup after your connected data source's sync end date is reached.

Prep to run cleanup scripts

  1. First confirm the proper PowerShell module for Microsoft Graph is installed. Instructions can be found here: PowerShell For SDS.

  2. Download one or more scripts and save them in your local c:\temp directory.

  3. Open PowerShell.

  4. Run the following command to set the directory location:

    Set-Location c:\temp
    
  5. Run the following command to connect to your tenant and grant permissions with your Global Admin Account:

    Connect-MgGraph -Scopes "AdministrativeUnit.ReadWrite.All","User.Read.All","Group.ReadWrite.All"
    
  6. The command prompts you to navigate to a webpage for authentication.

  7. Select the Next button or Sign in to proceed. You're asked for permissions and consent on behalf of your organization for connecting to Microsoft Graph PowerShell.

  8. Enable the checkbox 'Consent on behalf of your organization' and select the Accept button.

  9. After the successful verification, the PowerShell terminal displays 'Welcome to Microsoft Graph!'
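
Before running the removal scripts, you can confirm the session holds the scopes requested above and save a read-only record of current AU memberships. The following is an added example, not one of the SDS cleanup scripts; it assumes the Microsoft Graph PowerShell SDK v2 cmdlets, and the output path under c:\temp is an assumption.

```powershell
# Added example (not one of the SDS cleanup scripts): read-only pre-cleanup snapshot.
# Assumes Microsoft Graph PowerShell SDK v2 and an existing Connect-MgGraph session.
$required = 'AdministrativeUnit.ReadWrite.All', 'User.Read.All', 'Group.ReadWrite.All'
$context  = Get-MgContext
if (-not $context) { throw 'No Microsoft Graph session. Run Connect-MgGraph first.' }

# Stop early if consent did not grant every scope requested in the connect step.
$missing = $required | Where-Object { $_ -notin $context.Scopes }
if ($missing) { throw "Missing scopes: $($missing -join ', ')" }
Write-Host "Connected to tenant $($context.TenantId) as $($context.Account)"

# Record every AU member before anything is removed.
$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$outFile = "c:\temp\AU-membership-$stamp.csv"   # assumed output path

$rows = foreach ($au in Get-MgDirectoryAdministrativeUnit -All) {
    foreach ($m in Get-MgDirectoryAdministrativeUnitMember -AdministrativeUnitId $au.Id -All) {
        [pscustomobject]@{
            AdministrativeUnitId   = $au.Id
            AdministrativeUnitName = $au.DisplayName
            MemberId               = $m.Id
            # Members come back as directory objects; type and names are in AdditionalProperties.
            MemberType             = $m.AdditionalProperties['@odata.type']
            UserPrincipalName      = $m.AdditionalProperties['userPrincipalName']
            DisplayName            = $m.AdditionalProperties['displayName']
        }
    }
}
$rows | Export-Csv -Path $outFile -NoTypeInformation -Encoding UTF8
Write-Host "Saved $(@($rows).Count) membership rows to $outFile"
```

The CSV contains user names and sign-in names, so keep it in a location only administrators can read and delete it once the cleanup has been verified.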

Run the Remove-SchoolAU_Membership Script

  1. Type into PowerShell: .\RemoveSchoolAU_Membership.ps1

  2. Press Enter and address any prompts that appear.

Run the Remove-SchoolSG_Membership Script

Note

Only run this if the Security Group configuration option Organizations, Organizations + Role Groups is selected.

  1. Type into PowerShell: .\RemoveSchoolSG_Membership.ps1

  2. Press Enter and address any prompts that appear.