# Assigns a Role to an MSOL Portal User
# Minimum MSOnline module build (third component of the module DLL's FileVersion) that is
# accepted as MFA-capable; Login-MSOLServices compares the installed version against it.
# Kept in the global scope so every function in this script reads the same value.
Set-Variable -Name currentMFAVersion -Scope Global -Value 8808
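Function Begin-MSOLAssignmentViaScript
{
<#
.SYNOPSIS
Assigns a Role to an MSOL Portal User
.DESCRIPTION
Login-MSOLServices checks whether you are already logged in; if not, it establishes the authentication token and connects you to the MSOL Services.
The role is then resolved: Get-TargetMSOLRole shows an interactive picker when no roleName was supplied, otherwise Get-MsolRole looks the role up by name.
Lastly, Assign-RoleForMSOLUser adds the target user to that role.
.PARAMETER roleName
Full name of Role, i.e., "Helpdesk Administrator". When omitted (or "empty") an interactive picker is shown.
.PARAMETER userPrincipalName
The user principal name, i.e., [email protected]. When omitted (or "empty") the caller is prompted for it.
.NOTES
You need to run this function as a member of the Service Admins roles in the O365 vNEXT Portal; Also you need the MSOnline modules that allow MFA auth.
Download from here: http://connect.microsoft.com/site1164/Downloads/DownloadDetails.aspx?DownloadID=59185
Author: Louis Simonetti
Date: 5-16-2016
#>
param($userPrincipalName="empty", [string]$roleName="empty")
if($userPrincipalName -eq "empty")
{
    $userPrincipalName = Read-host "Enter a valid UPN ([email protected])"
}
# A blank UPN would otherwise travel all the way to Add-MsolRoleMember and be reported there
# as "already added or does not exist"; fail early with the real reason instead.
if([string]::IsNullOrWhiteSpace($userPrincipalName))
{
    throw "A user principal name is required."
}
# Login-MSOLServices emits the string "connected" when a session already exists; assign it away
# so that string does not leak into this function's own output.
$null = Login-MSOLServices
$role = $null;
if($roleName -eq "empty")
{
    $role = Get-TargetMSOLRole;
}
else
{
    # -ErrorAction Stop turns an unknown role name into a terminating error instead of a silent $null role.
    $role = Get-MsolRole -RoleName $roleName -ErrorAction Stop;
}
# Guard against an empty picker result or a lookup that produced nothing, before a privileged change is attempted.
if($null -eq $role)
{
    throw "Role '$roleName' could not be resolved."
}
Assign-RoleForMSOLUser -role $role -userPrincipalName $userPrincipalName
}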
function Inform-UserToUpgrade
{
<#
.SYNOPSIS
Tells the operator where to download the MFA-capable MSOnline module, then waits for Enter.
.OUTPUTS
Whatever Read-Host returns (the text typed before Enter), as in the original.
#>
$downloadHint = "Please go to http://connect.microsoft.com/site1164/Downloads/DownloadDetails.aspx?DownloadID=59185 to get the Module that supports MFA"
Write-Host -Object $downloadHint -ForegroundColor Yellow
Read-Host -Prompt "Press enter to exit..."
}
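Function Login-MSOLServices
{
<#
.SYNOPSIS
Ensures an MSOL session exists, refusing to continue when the installed MSOnline module is too old for MFA sign-in.
.DESCRIPTION
Reads the FileVersion of the MSOnline module DLL at its fixed system path and compares it with $GLOBAL:currentMFAVersion.
If the DLL is missing or too old, Inform-UserToUpgrade is shown and a terminating error is raised.
Otherwise the module is imported and Get-MsolDomain is used as a probe for an existing session;
Connect-MsolService is only called when that probe fails.
.OUTPUTS
The string "connected" when a session already existed; otherwise whatever Connect-MsolService emits.
#>
$modulePath = "C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MSOnline\Microsoft.Online.Administration.Automation.PSModule.dll"
$moduleFile = Get-Item -LiteralPath $modulePath -ErrorAction SilentlyContinue
if($null -eq $moduleFile)
{
    Inform-UserToUpgrade
    throw "MSOnline module not found at $modulePath"
}
# -split yields strings, and a string on the left of -lt forces a string comparison
# ("10000" -lt "8808" is true). Cast each component to [int] so the check is numeric.
$versionInfo = $moduleFile.VersionInfo.FileVersion -split "\." | ForEach-Object { [int]$_ }
if($versionInfo[0] -lt 1 -or ($versionInfo[0] -eq 1 -and $versionInfo[2] -lt $GLOBAL:currentMFAVersion)){
    Inform-UserToUpgrade
    # The original used 'break' here; outside a loop that silently ends the whole script.
    # A terminating error is explicit and can be caught by a caller.
    throw "MSOnline module version $($moduleFile.VersionInfo.FileVersion) does not support MFA sign-in"
}
else{
    Import-Module MSOnline -ErrorAction SilentlyContinue
    # Session probe: the cmdlet's error is suppressed and $? is inspected instead.
    Get-MsolDomain -ErrorAction SilentlyContinue | Out-Null
    if($?)
    {
        return "connected"
    }
    else
    {
        Connect-MsolService
    }
}
}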
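function Get-TargetMSOLRole
{
<#
.SYNOPSIS
Interactively picks one MSOL role from Get-MsolRole and returns that role object.
.DESCRIPTION
Builds one ChoiceDescription per role (the role name prefixed with "&", so its first letter becomes the hotkey)
and shows them through $Host.UI.PromptForChoice. The chosen index is mapped back to the role name and the
matching object from Get-MsolRole is returned.
.OUTPUTS
The selected role object only.
#>
$caption = "Select a MSOL User Role Assignment"
$message = "Which MSOL Role assignment would you like to select?"
# @() keeps $roles an array even when a single role (or nothing) comes back.
$roles = @(Get-MsolRole)
if($roles.Count -eq 0)
{
    # PromptForChoice throws on an empty choice list; give a meaningful message instead.
    throw "Get-MsolRole returned no roles; is the MSOL session connected?"
}
$choiceDescriptions = @()
$resulthash = @{}
for ($i = 0; $i -lt $roles.Count; $i++)
{
    $name = $roles[$i] | Select-Object -ExpandProperty Name
    # NOTE(review): the hotkey is the first letter of each name; role names that share a first
    # letter would collide — confirm how the host in use resolves that before relying on the hotkeys.
    $choiceDescriptions += New-Object System.Management.Automation.Host.ChoiceDescription ("&" + $name)
    $resulthash[$i] = $name
}
$allChoices = [System.Management.Automation.Host.ChoiceDescription[]]($choiceDescriptions)
$result = $Host.UI.PromptForChoice($caption, $message, $allChoices, 0)
# The original also evaluated "$resulthash.$result -replace '&', ''" as a bare expression here, which
# emitted a stray string ahead of the role object and made the caller's $role a two-element array.
return $roles | Where-Object { $_.Name -eq $resulthash[$result] }
}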
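Function Assign-RoleForMSOLUser
{
<#
.SYNOPSIS
Adds a user to an MSOL role and reports the outcome.
.PARAMETER role
A role object as returned by Get-MsolRole; only its ObjectId is used.
.PARAMETER userPrincipalName
UPN of the user to add to the role.
.OUTPUTS
On success, the role's current members (Get-MsolRoleMember); nothing on failure.
#>
param ($role, $userPrincipalName)
# Without this guard a $null role yields a $null -RoleObjectId and the failure is misreported below
# as "already added or does not exist".
if($null -eq $role -or [string]::IsNullOrWhiteSpace($userPrincipalName))
{
    throw "Assign-RoleForMSOLUser requires a role object and a user principal name."
}
# Keep the cmdlet's error instead of discarding it: "already a member" and "user does not exist" are
# different conditions, and the operator making a privileged role change needs to know which one occurred.
Add-MsolRoleMember -RoleObjectId $role.ObjectId -RoleMemberEmailAddress $userPrincipalName -ErrorAction SilentlyContinue -ErrorVariable addError
if($?)
{
    Write-Host "User: $userPrincipalName added" -ForegroundColor Green
    Get-MsolRoleMember -RoleObjectId $role.ObjectId
}
else
{
    Write-Host "User: $userPrincipalName was either already added or does not exist" -ForegroundColor Yellow
    if($addError.Count -gt 0)
    {
        Write-Host $addError[0].Exception.Message -ForegroundColor Yellow
    }
}
}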
# Script entry point: runs with the defaults, so the UPN and the role are prompted for interactively.
Begin-MSOLAssignmentViaScript