Help creating Microsoft 365 Groups via Graph
Can anyone tell me what I’m doing wrong in regards to the dynamic group filter?
Here is my script followed by the error message. When I have the WhatIf statement in, the csv files are populated correctly and there is no error. When I remove the whatif and the group creation is attempted I get the error.
# Import necessary modules
Import-Module ActiveDirectory
Import-Module Microsoft.Graph.Groups
# Connect to Microsoft Graph
Connect-MgGraph -Scopes “Group.ReadWrite.All”
# Fetch managers
$managers = Get-ADUser -Filter “Title -eq ‘Sales Manager'” -SearchBase “OU=Sales Managers,OU=User Accounts – Head Office,DC=contoso,DC=com”” -Properties extensionAttribute5
# Loop through each manager
foreach ($manager in $managers) {
if ([string]::IsNullOrEmpty($manager.extensionAttribute5)) {
continue
}
$firstName = $manager.Name.Split(‘ ‘)[0]
# Define group details and OUs for potential members
$groupDetails = @{
“Staff” = @{ OU = “OU=User Accounts – Field Staff,DC=contoso,DC=com”; Department = $null; Title = $null }
“Program” = @{ OU = “OU=User Accounts – Program Locations,DC=contoso,DC=com”; Department = $null; Title = $null }
“Sales Program” = @{ OU = “OU=User Accounts – Program Locations,DC=contoso,DC=com”; Department = “Sales Program”; Title = $null }
“Marketing Program” = @{ OU = “OU=User Accounts – Program Locations,DC=contoso,DC=com”; Department = “Marketing Program”; Title = $null }
“Sales Staff” = @{ OU = “OU=User Accounts – Field Staff,DC=contoso,DC=com”; Department = “Sales”; Title = $null }
“Marketing Staff” = @{ OU = “OU=User Accounts – Field Staff,DC=contoso,DC=com”; Department = “Marketing”; Title = $null }
“Temp Staff” = @{ OU = “OU=User Accounts – Field Staff,DC=contoso,DC=com”; Department = “Temp”; Title = $null }
“Directors” = @{ OU = “OU=User Accounts – Field Staff,DC=contoso,DC=com”; Department = $null; Title = “Director” }
}
foreach ($groupKey in $groupDetails.Keys) {
$groupInfo = $groupDetails[$groupKey]
$groupName = “District $($manager.extensionAttribute5) $groupKey Group ($firstName)”
$emailAlias = “District-$($manager.extensionAttribute5)-$groupKey-Group”.Replace(” “, “-“).Replace(“,”, “”).Replace(“(“, “”).Replace(“)”, “”)
# Determine the filter based on group requirements
$filter = “extensionAttribute5 -eq ‘$($manager.extensionAttribute5)'”
if ($groupInfo.Department) {
$filter += ” -and Department -eq ‘$($groupInfo.Department)'”
}
if ($groupInfo.Title) {
$filter += ” -and Title -like ‘*$($groupInfo.Title)*'”
}
# Fetch potential group members
$members = Get-ADUser -Filter $filter -SearchBase $groupInfo.OU -Properties Title, Department, extensionAttribute5, physicalDeliveryOfficeName
# Export members to CSV
$csvPath = “C:temp$groupName.csv”
$members | Select-Object Name, extensionAttribute5, Department, physicalDeliveryOfficeName, Title | Export-Csv -Path $csvPath -NoTypeInformation
# Debug output to check parameter values
Write-Host “Group Name: $groupName”
Write-Host “Email Alias: $emailAlias”
Write-Host “Membership Rule: $MembershipRule”
# Simulate group creation
New-MgGroup -DisplayName $groupName -Description “Dynamic Microsoft 365 group created by Contoso PS Script” `
-MailEnabled:$True -SecurityEnabled:$False `
-MailNickname $emailAlias -GroupTypes “DynamicMembership”, “Unified” `
-MembershipRule “user.extensionAttribute5 -eq ‘$($manager.extensionAttribute5)'” -MembershipRuleProcessingState “On”
}
}
Error is:
Group Name: District 1 Program Group (Cheeto)
Email Alias: District-1-Program-Group
Membership Rule:
New-MgGroup : Invalid characters found in the rule: ‘ ‘
Status: 400 (BadRequest)
ErrorCode: InvalidCharactersException
Date: 2024-07-19T04:39:59
Headers:
Transfer-Encoding : chunked
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 80ccb81b-1052-4915-a03b-e35604ec15a2
client-request-id : d31d414b-5abc-4946-a800-a2be43a86fca
x-ms-ags-diagnostic : {“ServerInfo”:{“DataCenter”:”US
Central”,”Slice”:”E”,”Ring”:”3″,”ScaleUnit”:”000″,”RoleInstance”:”TO1PEPF0000542E”}}
Date : Fri, 19 Jul 2024 04:39:58 GMT
At C:UserscontosoadminDocumentsM365-bulk-group-creation.ps1:60 char:58
+ … “user.extensionAttribute5 -eq ‘$($manager.extensionAttribute5)'” -Mem …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: ({ Headers = , b…oftGraphGroup }:<>f__AnonymousType2`2) [New-MgGroup_Crea
teExpanded], Exception
+ FullyQualifiedErrorId : InvalidCharactersException,Microsoft.Graph.PowerShell.Cmdlets.NewMgGroup_CreateExpanded
Thank you,
B
Can anyone tell me what I’m doing wrong in regards to the dynamic group filter?Here is my script followed by the error message. When I have the WhatIf statement in, the csv files are populated correctly and there is no error. When I remove the whatif and the group creation is attempted I get the error. # Import necessary modules
Import-Module ActiveDirectory
Import-Module Microsoft.Graph.Groups
# Connect to Microsoft Graph
Connect-MgGraph -Scopes “Group.ReadWrite.All”
# Fetch managers
$managers = Get-ADUser -Filter “Title -eq ‘Sales Manager'” -SearchBase “OU=Sales Managers,OU=User Accounts – Head Office,DC=contoso,DC=com”” -Properties extensionAttribute5
# Loop through each manager
foreach ($manager in $managers) {
if ([string]::IsNullOrEmpty($manager.extensionAttribute5)) {
continue
}
$firstName = $manager.Name.Split(‘ ‘)[0]
# Define group details and OUs for potential members
$groupDetails = @{
“Staff” = @{ OU = “OU=User Accounts – Field Staff,DC=contoso,DC=com”; Department = $null; Title = $null }
“Program” = @{ OU = “OU=User Accounts – Program Locations,DC=contoso,DC=com”; Department = $null; Title = $null }
“Sales Program” = @{ OU = “OU=User Accounts – Program Locations,DC=contoso,DC=com”; Department = “Sales Program”; Title = $null }
“Marketing Program” = @{ OU = “OU=User Accounts – Program Locations,DC=contoso,DC=com”; Department = “Marketing Program”; Title = $null }
“Sales Staff” = @{ OU = “OU=User Accounts – Field Staff,DC=contoso,DC=com”; Department = “Sales”; Title = $null }
“Marketing Staff” = @{ OU = “OU=User Accounts – Field Staff,DC=contoso,DC=com”; Department = “Marketing”; Title = $null }
“Temp Staff” = @{ OU = “OU=User Accounts – Field Staff,DC=contoso,DC=com”; Department = “Temp”; Title = $null }
“Directors” = @{ OU = “OU=User Accounts – Field Staff,DC=contoso,DC=com”; Department = $null; Title = “Director” }
}
foreach ($groupKey in $groupDetails.Keys) {
$groupInfo = $groupDetails[$groupKey]
$groupName = “District $($manager.extensionAttribute5) $groupKey Group ($firstName)”
$emailAlias = “District-$($manager.extensionAttribute5)-$groupKey-Group”.Replace(” “, “-“).Replace(“,”, “”).Replace(“(“, “”).Replace(“)”, “”)
# Determine the filter based on group requirements
$filter = “extensionAttribute5 -eq ‘$($manager.extensionAttribute5)'”
if ($groupInfo.Department) {
$filter += ” -and Department -eq ‘$($groupInfo.Department)'”
}
if ($groupInfo.Title) {
$filter += ” -and Title -like ‘*$($groupInfo.Title)*'”
}
# Fetch potential group members
$members = Get-ADUser -Filter $filter -SearchBase $groupInfo.OU -Properties Title, Department, extensionAttribute5, physicalDeliveryOfficeName
# Export members to CSV
$csvPath = “C:temp$groupName.csv”
$members | Select-Object Name, extensionAttribute5, Department, physicalDeliveryOfficeName, Title | Export-Csv -Path $csvPath -NoTypeInformation
# Debug output to check parameter values
Write-Host “Group Name: $groupName”
Write-Host “Email Alias: $emailAlias”
Write-Host “Membership Rule: $MembershipRule”
# Simulate group creation
New-MgGroup -DisplayName $groupName -Description “Dynamic Microsoft 365 group created by Contoso PS Script” `
-MailEnabled:$True -SecurityEnabled:$False `
-MailNickname $emailAlias -GroupTypes “DynamicMembership”, “Unified” `
-MembershipRule “user.extensionAttribute5 -eq ‘$($manager.extensionAttribute5)'” -MembershipRuleProcessingState “On”
}
} Error is:Group Name: District 1 Program Group (Cheeto)Email Alias: District-1-Program-GroupMembership Rule:New-MgGroup : Invalid characters found in the rule: ‘ ‘Status: 400 (BadRequest)ErrorCode: InvalidCharactersExceptionDate: 2024-07-19T04:39:59Headers:Transfer-Encoding : chunkedVary : Accept-EncodingStrict-Transport-Security : max-age=31536000request-id : 80ccb81b-1052-4915-a03b-e35604ec15a2client-request-id : d31d414b-5abc-4946-a800-a2be43a86fcax-ms-ags-diagnostic : {“ServerInfo”:{“DataCenter”:”USCentral”,”Slice”:”E”,”Ring”:”3″,”ScaleUnit”:”000″,”RoleInstance”:”TO1PEPF0000542E”}}Date : Fri, 19 Jul 2024 04:39:58 GMTAt C:UserscontosoadminDocumentsM365-bulk-group-creation.ps1:60 char:58+ … “user.extensionAttribute5 -eq ‘$($manager.extensionAttribute5)'” -Mem …+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~+ CategoryInfo : InvalidOperation: ({ Headers = , b…oftGraphGroup }:<>f__AnonymousType2`2) [New-MgGroup_CreateExpanded], Exception+ FullyQualifiedErrorId : InvalidCharactersException,Microsoft.Graph.PowerShell.Cmdlets.NewMgGroup_CreateExpanded Thank you, B Read More
