PowerShell 腳本範例 - 為貴校的授課者和學生建立安全組
使用此 PowerShell 腳本建立您在學校管理 Microsoft Teams 原則所需的安全組。 Teams 中 群組功能的原則指派 可讓您將原則指派給使用者群組,例如安全組。 原則指派將根據優先順序規則傳播到群組成員。 在群組中新增或移除成員時,系統會相應地更新其繼承的原則指派。
此 PowerShell 腳本會根據授權類型建立兩個安全組,一個供教職員和授課者使用,另一個供您學校的學生使用。 接著,您可以將原則指派給您所建立的安全組。 如需使用此腳本的詳細資訊,請參閱 指派原則給學校中的大型使用者群組。
此文稿會執行下列動作:
- 識別已指派教職員 SKU 的教職員和授課者、建立安全組,然後將教職員和授課者新增至群組。
- 識別獲指派學生 SKU 的學生、建立安全組,然後將學生新增至群組。
- 匯報 每個安全組的成員資格,以根據他們是否擁有授權來新增或移除教職員、授課者和學生。
您必須定期執行此腳本,才能讓安全組保持在最新狀態。
重要
將原則指派給群組時,請務必瞭解 優先順序規則 和 群組指派排名 。 請務必閱讀並了解 關於群組的原則指派所需注意事項中的概念。
開始之前
下載並安裝 商務用 Skype Online PowerShell 模組,然後在出現提示時重新啟動電腦。
注意事項
Azure AD Powershell 預計於 2024 年 3 月 30 日停用。 若要深入瞭解,請閱讀 即將停用的更新。
我們建議您移轉至 Microsoft Graph PowerShell,以與 Microsoft Entra ID (舊稱 Azure AD) 互動。 Microsoft Graph PowerShell 可存取所有 Microsoft Graph API,而且可在 PowerShell 7 上使用。 如需常見移轉查詢的解答,請參閱 移轉常見問題。
若要深入瞭解,請參閱使用 Office 365 PowerShell 和 Teams PowerShell 管理在線 商務用 Skype概觀。
範例腳本
<#
Script Name:
CreateOrUpdate_SecurityGroup_Per_LicenseType.ps1
Synopsis:
This script is designed to perform following operations:
1. Create a security group for faculty and student members based on the assigned license SKU and add the members accordingly.
2. Update the security group to add/remove teachers and students so that only users who have a valid teacher/student license are present in the group.
The output of the script is written in a log file present at location: C:\results\log.txt
Written By:
Mihir Roy
Change Log:
Version 1.0, 10/08/2019 - First Draft
#>
#Figure out to determine if the user is using an existing group or creating a new one
param
(
[string]$teachergroupname,
[string]$teachergroupdesc,
[string]$studentgroupname,
[string]$studentgroupdesc,
[Guid]$facultyid,
[Guid]$studentid
)
[bool] $create = $false
if ([string]::IsNullOrEmpty($teachergroupname) -and [string]::IsNullOrEmpty($studentgroupname) -and [string]::IsNullOrEmpty($studentid) -and [string]::IsNullOrEmpty($facultyid)) {
throw "Please enter valid groupnames to create groups for Teachers and Students. In order to update a group, please enter the teacher and/or student group id's."
}
#Connect to Azure AD
Write-Host "`n"
Write-Host -ForegroundColor Green "Please enter your Global Administrator Username and Password"
Write-Host "`n"
Connect-MsolService
[Guid] $teachergroupid = New-Guid
[Guid] $studentgroupid = New-Guid
if (![string]::IsNullOrEmpty($teachergroupname)) {
New-MsolGroup -DisplayName $teachergroupname -Description $teachergroupdesc
$Group = Get-MsolGroup -SearchString $teachergroupname
$teachergroupid = $Group.ObjectId
$create = $true
}
if (![string]::IsNullOrEmpty($studentgroupname)) {
New-MsolGroup -DisplayName $studentgroupname -Description $studentgroupdesc
$Group = Get-MsolGroup -SearchString $studentgroupname
$studentgroupid = $Group.ObjectId
$create = $true
}
#Build the Students Array
$StudentsArray = @()
#Build the Teachers Array
$TeachersArray = @()
#Build the Student Sku Array
$StudentSkus = @()
$AllSkus = Get-AzureADSubscribedSku
$StudentSkuIDs = ($AllSkus | ? {$_.skupartnumber -like "*student*"}).skuid
Write-Host -ForegroundColor Green "The Student Skus identified are listed below:"
Foreach ($Element in $StudentSkuIDs) {
$SkuPart = (Get-AzureADSubscribedSku | ? {$_.SkuID -eq $Element}).SkuPartNumber
Write-Host -ForegroundColor Green "Student SkuID ${Element} for License $SkuPart"
}
Write-Host "`n"
#Build the Teacher Sku Array
$TeacherSkus = @()
$AllSkus = Get-AzureADSubscribedSku
$TeacherSkuIDs = ($AllSkus | ? {$_.skupartnumber -like "*faculty*"}).skuid
Write-Host -ForegroundColor Green "The Teacher Skus identified are listed below:"
Foreach ($Element in $TeacherSkuIDs) {
$SkuPart = (Get-AzureADSubscribedSku | ? {$_.SkuID -eq $Element}).SkuPartNumber
Write-Host -ForegroundColor Green "Teacher SkuID ${Element} for License $SkuPart"
}
Write-Host "`n"
#Get All Users in AAD
Write-Host -ForegroundColor Green "Getting All Users in Azure Active Directory with an assigned license"
Write-Host "`n"
$AllUsers = Get-AzureADUser -All $true | ? {$_.AssignedLicenses -ne $null}
$teacherAdd = $create -and ($teachergroupid -ne $null)
$studentAdd = $create -and ($studentgroupid -ne $null)
#Start foreach loop for all users with student licenses
if ($teacherAdd -or $studentAdd) {
Foreach ($User in $AllUsers) {
$ObjectID = $User.ObjectID
Write-host "`n"
Write-Host -ForegroundColor Green "Getting Assigned Licenses for $DN"
$GetUser = Get-AzureADUser -objectid $user.objectid
$AssignedLicenses = ($GetUser | select -ExpandProperty assignedlicenses).skuid
Write-Host -ForegroundColor Green "User Assigned License: " $User.Displayname "-" $AssignedLicenses "-" $User.ObjectId
#Set Variables
$UPN = $User.userprincipalname
$DN = $User.Displayname
$OBJ = $User.ObjectID
$Age = $User.AgeGroup
$Consent = $User.ConsentProvidedForMinor
$Legal = $User.LegalAgeGroupClassification
#Start foreach loop for all assigned skus
Foreach ($License in $AssignedLicenses) {
#Creating new PS Object for each Sku and adding to the array
If ($TeacherSkuIDs -contains $License) {
$TeacherObj = New-Object PSObject
$TeacherObj | Add-Member NoteProperty -Name UserPrincipalName -Value $UPN
$TeacherObj | Add-Member NoteProperty -Name DisplayName -Value $DN
$TeacherObj | Add-Member NoteProperty -Name ObjectID -Value $OBJ
$TeacherObj | Add-Member NoteProperty -Name SkuID -Value $License
$TeacherObj | Add-Member NoteProperty -Name AgeGroup -Value $Age
$TeacherObj | Add-Member NoteProperty -Name ConsentProvidedForMinor -Value $Consent
$TeacherObj | Add-Member NoteProperty -Name LegalAgeGroupClassification -Value $Legal
$TeachersArray += $TeacherObj
if ($teachergroupid -ne $null) {
Add-MsolGroupMember -GroupObjectId $teachergroupid -GroupMemberType User -GroupMemberObjectId $OBJ
}
}
If ($StudentSkuIDs -contains $License) {
$StudentObj = New-Object PSObject
$StudentObj | Add-Member NoteProperty -Name UserPrincipalName -Value $UPN
$StudentObj | Add-Member NoteProperty -Name DisplayName -Value $DN
$StudentObj | Add-Member NoteProperty -Name ObjectID -Value $OBJ
$StudentObj | Add-Member NoteProperty -Name SkuID -Value $License
$StudentObj | Add-Member NoteProperty -Name AgeGroup -Value $Age
$StudentObj | Add-Member NoteProperty -Name ConsentProvidedForMinor -Value $Consent
$StudentObj | Add-Member NoteProperty -Name LegalAgeGroupClassification -Value $Legal
$StudentsArray += $StudentObj
if ($studentgroupid -ne $null) {
Add-MsolGroupMember -GroupObjectId $studentgroupid -GroupMemberType User -GroupMemberObjectId $OBJ
}
}
}
}
}
if ((!$teacherAdd) -and ($facultyid -ne $null)) {
#Users to be Added in the Teacher Group that are not present
$teacherGrpMembers = Get-MsolGroupMember -GroupObjectId $facultyid
$teachersToAdd = ($AllUsers | ? {$_.ObjectId -ne $null}).objectid | Where {($teacherGrpMembers | ? {$_.ObjectId -ne $null}).objectid -NotContains $_}
Foreach ($id in $teachersToAdd) {
$GetUser = Get-AzureADUser -objectid $id
$AssignedLicenses = ($GetUser | select -ExpandProperty assignedlicenses).skuid
Foreach ($License in $AssignedLicenses) {
#Adding faculty members to the security group
If ($TeacherSkuIDs -contains $License) {
Add-MsolGroupMember -GroupObjectId $facultyid -GroupMemberType User -GroupMemberObjectId $id
}
}
}
#Users (Faculty) to be removed from the group that are not in tenant anymore
$teachersToRemove = ($teacherGrpMembers | ? {$_.ObjectId -ne $null}).objectid | Where {($AllUsers | ? {$_.ObjectId -ne $null}).objectid -NotContains $_}
if ($teachersToRemove.Count > 0) {
Foreach ($id in $teachersToRemove) {
Remove-MsoLGroupMember -GroupObjectId $facultyid -GroupMemberType User -GroupmemberObjectId $id
}
}
}
if ((!$studentAdd) -and ($studentid -ne $null)) {
#Users to be Added in the Student Group that are not present
$studentGrpMembers = Get-MsolGroupMember -GroupObjectId $studentid
$studentsToAdd = ($AllUsers | ? {$_.ObjectId -ne $null}).objectid | Where {($studentGrpMembers | ? {$_.ObjectId -ne $null}).objectid -NotContains $_}
Foreach ($id in $studentsToAdd) {
$GetUser = Get-AzureADUser -objectid $id
$AssignedLicenses = ($GetUser | select -ExpandProperty assignedlicenses).skuid
Foreach ($License in $AssignedLicenses) {
#Adding student members to the security group
If ($StudentSkuIDs -contains $License) {
Add-MsolGroupMember -GroupObjectId $studentid -GroupMemberType User -GroupMemberObjectId $id
}
}
}
#Users (Students) to be removed the group that are not in tenant anymore
$studentsToRemove = ($studentGrpMembers | ? {$_.ObjectId -ne $null}).objectid | Where {($AllUsers | ? {$_.ObjectId -ne $null}).objectid -NotContains $_}
if ($studentsToRemove.Count > 0) {
Foreach ($id in $studentsToRemove) {
Remove-MsolGroupMember -GroupObjectId $studentid -GroupMemberType User -GroupmemberObjectId $id
}
}
}
Start-Transcript -Path "C:\results\log.txt"
if ($facultyid -ne $null) {
$TeacherGroup = Get-MsolGroupMember -GroupObjectId $facultyid
Write-Host -ForegroundColor Green "Teacher Group Count:" $TeacherGroup.Count
Write-Host -ForegroundColor Green "Teacher Group Id:" $facultyid
}
else {
$TeacherGroup = Get-MsolGroupMember -GroupObjectId $teachergroupid
Write-Host -ForegroundColor Green "Teacher Group Count:" $TeacherGroup.Count
Write-Host -ForegroundColor Green "Teacher Group Id:" $teachergroupid
}
if ($studentid -ne $null) {
$StudentGroup = Get-MsolGroupMember -GroupObjectId $studentid
Write-Host -ForegroundColor Green "Student Group Count:" $StudentGroup.Count
Write-Host -ForegroundColor Green "Student Group Id:" $studentid
}
else {
$StudentGroup = Get-MsolGroupMember -GroupObjectId $studentgroupid
Write-Host -ForegroundColor Green "Student Group Count:" $StudentGroup.Count
Write-Host -ForegroundColor Green "Student Group Id:" $studentgroupid
}
Stop-Transcript
相關主題
意見反應
即將登場:在 2024 年,我們將逐步淘汰 GitHub 問題作為內容的意見反應機制,並將它取代為新的意見反應系統。 如需詳細資訊,請參閱:https://aka.ms/ContentUserFeedback。
提交並檢視相關的意見反應