Granting permissions to users based on Group Membership with PowerShell

Granting permissions to users based on Group Membership with PowerShell

Hello,

Question: Have you ever had to perform a task for multiple users like granting a permission, policy or something else? and did you do it manually?

I can honestly say I have and it was so time consuming, especially when we have free tools available to use to perform theses actions within seconds/minutes instead of hours/days.

I have generated a script below which I have created to grant a Skype for Business Online policy to a number of users based on their Group Membership. Before you run this script the following assumputions will be made.

  • You have a basic understanding of PowerShell Scripting
  • You have modified all locations shown with ‘#########’ to your requirements

For the below script I have left in ‘IMOnly’ to show exactly what this script is designed to achieve. If a User doesnt have the IMOnly policy they will be granted the policy but if a User already has IMOnly granted. The script will skip the user and generate an output on screen plus to a definited .txt file before moving onto the next user.


clear-host
# Define Service Account
$username = '#########'
$password = '#########'
$pass = Convertto-Securestring -String $password -asPlaintext -Force
$credential = New-Object -TypeName System.Management.Automation.PScredential -ArgumentList ($username, $pass)

# Connect to Office 365
Import-Module MSOnline
Connect-MsolService -Credential $credential

# Connect to Skype for Business Online
Import-Module -Name SkypeOnlineConnector
$sfboSession = New-CsOnlineSession -Credential $credential
Import-PSSession -Session $sfboSession -AllowClobber

# Get Group Members
Get-MsolGroupMember -GroupObjectId '#########' | export-csv -Path $env:HOMEDRIVE\INSTALL\#########.csv

# Import Users
$csv = Import-Csv -Path $env:HOMEDRIVE\#########\#########.csv

# Assign CsClientPolicy
Foreach ($row in $csv) {
If(Get-CsOnlineUser -Identity $row.EmailAddress | Where-object {$_.ClientPolicy -notcontains 'IMOnly'})
{
Grant-CsClientPolicy -Identity $row.EmailAddress -PolicyName 'IMOnly'
}
else
{
Write-Host -ForegroundColor Yellow $row.EmailAddress "Skipped User"
get-csonlineuser -id $row.EmailAddress | Where-object {$_.ClientPolicy -contains 'IMOnly'} | select-object DisplayName,ClientPolicy | out-file -FilePath $env:HOMEDRIVE\INSTALL\groupuserenbled.txt
}
}

You can also complete this command for On-Premises users by modifying the script to use Get-ADGroupMember as shown below.


# Get Group Members
Get-ADGroupMember -Identity '#########' | export-csv -Path $env:HOMEDRIVE\INSTALL\#########.csv

This script can be modified to complete other provisioning based on Group Membership, just copy and paste into PowerShell ISE and make the necessary changes

Regards

The Author

Working with PowerShell Global Variables

Working with PowerShell Global Variables

Hello,

I have been recently working on a number of PowerShell scripts which have several different “Functions” and found that I need to use variables that may have been previous set in a previous Function action. If a variable has been set in a function we are not able to just use the $Variable name in the following function so, as we don’t want to be prompting for the same information over and over again we can get around this issue by using Global Variables.

Example script without a global variable.

The following script shows that $accountname prompt has been specified in both functions increase the manual input require to action this script. This is an acceptable method if you wanted to be prompted but in a scripting scenario PowerShell can do a lot more to reduce the need for manual input.


Function Get-Mailbox {
$accountname = Read-Host -Prompt 'Please enter - Account Name'
Get-Mailbox -Name $AccountName
}

Function Set-Mailbox{
$accountname = Read-Host -Prompt 'Please enter - Account Name'
$password = Read-Host -Prompt 'Please enter - Password'
Set-Mailbox -Name $accountname -Password $password
}

Example script a global variable.

The following script is now using $Global:AccounName which sits outside of the Function blocks and looks at the $accountname variable when it has been specified or called into action. So any other functions within the script which require the $accountname variable will now be defined as $Global:AccountName as shown below.


$Global:AccountName = $accountname

Function Get-Mailbox {
$accountname = Read-Host -Prompt 'Please enter - Account Name'
Get-Mailbox -Name $AccountName
}

Function Set-Mailbox {
$password = Read-Host -Prompt 'Please enter - Password'
Set-Mailbox -Name $Global:AccountName -Password $password
}

This concludes how to use a Global Variable within your PowerShell script.

Remember: PowerShell is one of the most powerful tools available to all IT Professional and the best of it…. It’s FREE. It only requires you to launch the PowerShell Consoles whether that maybe PowerShell or PowerShell ISE. Start your PowerShell journey today and script actions you complete on a day to day basis to reduce the time and effort required.

Regards

The Author – Blogabout.Cloud

Notes from the Field: KB298200 – The update is not applicable to your computer

Notes from the Field: KB298200 – The update is not applicable to your computer

Hello Reader,

In this “Notes from the Field” post we will look at a common Skype for Business error which you may encounter when installing a Skype for Business Front End for the first time.

As you can see from the image below we have encountered an error during the the deployment wizard when installing a Skype for Business Front End for the first time on a newly built Windows 2012 R2 Server.

After downloading KB298200 and attempting to install the required Windows Update the following error occurs;

In order to resolve this issue effectively we need to download the latest Skype for Business Server Cumulative Update. This error was resolved in Skype for Business Server cumulative update Janaury 2018. A good point of reference for all Skype for Business Server CU, head over to https://blogs.technet.microsoft.com/uclobby/2015/06/22/skype-for-business-2015-cumulative-update-list/ 

First of all, you will need to stop all Skype for Business Service and this can be done easily using the following PowerShell cmdlet:

Stop-CSWindowsService

Launch the Skype for Business Update Installer and click ‘Install Updates’

Once the installation has been completed you will be able to complete the deployment wizard process with a successful outcome.

Please Note: You will need to re-run the Skype for Business Update Installer to patch the rest of the Skype for Business services.

Regards

Author – Blogabout.Cloud

Windows 10 Fall Creator Update 1709 – Sysprep was not able to validate your Windows installation

Windows 10 Fall Creator Update 1709 – Sysprep was not able to validate your Windows installation

Hello Reader,

In this post, we will look at a known bug within the Windows 10 Fall Creators Update 1709, where you are unable to perform a sysprep of a Windows 10 workstation running update 1709. This is a little annoying bug which prevents sysprep from running.

The error messages as shown below provides you with a bit of detail and a UNC Folder to check the log file for more information.
Sysprep was not able to validate your Windows installation.
Review the log file at:
%WINDIR%\Systems32\Sysprep\Panther\setupact.log for details. After resolving this issue, use sysprep to valiate your installation again.

This error seems to be caused by Windows 10 Store Apps updating within the background, we can prevent this from happening by adding the following reg key either by using regedit or Powershell. As I am a big avodate of PowerShell I will using show the deployment and removal of this key using PowerShell.

Identifiying the Windows 10 Applications.

Using the path provided within the sysprep error message you will be able to easily identify the problem application, this is case the problem was being caused by the SketchBook application. Once removing SketchBook app the problem persisted as a number of other apps needs to be removed also.

Video demostration.

You can find a video of each application being removed until sysprep was able to successfully execute.

We hope that this post has helped your issue.

Regards
Author