forked from vanvfields/Microsoft-365
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Enable-GroupsCreationForAllUsers.ps1
70 lines (51 loc) · 2.51 KB
/
Enable-GroupsCreationForAllUsers.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
<##################################################################################################
#
.SYNOPSIS
This will re-enable creating Microsoft 365 Groups for all users
You must have the Preview version of the Azure AD PowerShell module:
Uninstall-Module AzureAD
Install-Module AzureADPreview
Source of script:
https://docs.microsoft.com/en-us/microsoft-365/admin/create-groups/manage-creation-of-groups?view=o365-worldwide
.NOTES
FileName: Enable-GroupsCreationForAllUsers.ps1
Author: Alex Fields, ITProMentor.com
Created: February 2020
Revised: April 2021
#>
###################################################################################################
Import-Module AzureADPreview -Force
$GroupName = ""
$AllowGroupCreation = "True"
$CheckForGroup = Get-AzureADGroup -All $true | Where-Object DisplayName -eq $GroupName
if ($CheckForGroup -eq $null -or $CheckForGroup -eq "") {
New-AzureADGroup -DisplayName $GroupName -SecurityEnabled $true -MailEnabled $false -MailNickName sg-GroupCreators
$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
if(!$settingsObjectID)
{
$template = Get-AzureADDirectorySettingTemplate | Where-object {$_.displayname -eq "group.unified"}
$settingsCopy = $template.CreateDirectorySetting()
New-AzureADDirectorySetting -DirectorySetting $settingsCopy
$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
}
$settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID
$settingsCopy["EnableGroupCreation"] = $AllowGroupCreation
if($GroupName)
{
$settingsCopy["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $GroupName).objectid
} else {
$settingsCopy["GroupCreationAllowedGroupId"] = $GroupName
}
Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy
(Get-AzureADDirectorySetting -Id $settingsObjectID).Values
Write-Host
Write-Host "Please add users to the new Security group to enable Groups creation." -ForegroundColor Yellow
Write-Host
Write-Host "Script completed." -ForegroundColor Green
} else {
Write-Host "Security group for Group Creators already exists; no changes will be made." -ForegroundColor Red
Write-Host
Write-Host "Exiting script." -ForegroundColor Red
Write-Host
}