Filip Kasaj

I can act how I want, but I can't want what I want.

User Tools

Site Tools

Trace: grouplicense
technet:msgraph:grouplicense
  1. # LINKS
  2. <#
  3. https://blog.simonw.se/getting-an-access-token-for-azuread-using-powershell-and-device-login-flow/
  4. #>
  5.  
  6. # VARIABLES
  7.  
  8. $TenantID = "19e2d3e4-XXXX-XXXX-XXXX-94bff5fc46a2"
  9.  
  10. # MAIN
  11.  
  12. $ClientID = '1950a258-227b-4e31-a9cf-717495945fc2'
  13. $Resource = "https://graph.microsoft.com/"
  14.  
  15. $DeviceCodeRequestParams = @{
  16.     Method = 'POST'
  17.     Uri    = "https://login.microsoftonline.com/$TenantID/oauth2/devicecode"
  18.     Body   = @{
  19.         client_id = $ClientId
  20.         resource  = $Resource
  21.     }
  22. }
  23.  
  24. $DeviceCodeRequest = Invoke-RestMethod @DeviceCodeRequestParams
  25. Write-Host $DeviceCodeRequest.message -ForegroundColor Yellow
  26.  
  27. # To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code DP3XEJSAW to authenticate.
  28.  
  29. # Get auth token
  30.  
  31. $TokenRequestParams = @{
  32.     Method = 'POST'
  33.     Uri    = "https://login.microsoftonline.com/$TenantId/oauth2/token"
  34.     Body   = @{
  35.         grant_type = "urn:ietf:params:oauth:grant-type:device_code"
  36.         code       = $DeviceCodeRequest.device_code
  37.         client_id  = $ClientId
  38.     }
  39. }
  40. $TokenRequest = Invoke-RestMethod @TokenRequestParams
  41.  
  42. <# Get groups test 
  43.  
  44. $Token = $TokenRequest.access_token
  45. $AadGroupRequestParams = @{
  46.     Method  = 'GET'
  47.     Uri     = 'https://graph.microsoft.com/v1.0/groups?$top=1'
  48.     Headers = @{
  49.         'Authorization' = "Bearer $Token" 
  50.     }
  51. }
  52. $AadGroupRequest = Invoke-RestMethod @AadGroupRequestParams
  53. $AadGroupRequest.value
  54.  
  55. #>
  56.  
  57. # Group creation
  58. # https://docs.microsoft.com/en-us/graph/api/resources/groups-overview?view=graph-rest-1.0#dynamic-membership
  59.  
  60. $Token = $TokenRequest.access_token
  61. $Method = "POST"
  62. $Url = "https://graph.microsoft.com/v1.0/groups"
  63.  
  64. $Reference = '{
  65.     "description": "License Group E3",
  66.     "displayName": "LicenseGroupE3",
  67.     "groupTypes": [],
  68.     "mailEnabled": false,
  69.     "mailNickname": "LicenseGroupE3",
  70.     "securityEnabled": true,
  71. }'
  72.  
  73. $Data = Invoke-RestMethod -Headers @{Authorization = "Bearer $token"} -Uri $url -Body $Reference -Method $Method -ContentType 'application/json' -ErrorAction Stop
  74. $Data
  75.  
  76. # License assignment
  77. # Get-AzureADSubscribedSku ked SkuIds
  78. # https://docs.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/oauth?view=azure-devops&viewFallbackFrom=vsts
  79.  
  80. $GroupId = "6766ec7e-22bc-47c7-85bb-b01da3e04e1c" # change needed
  81. $Token = $TokenRequest.access_token
  82. $Method = "POST"
  83. $Url = "https://graph.microsoft.com/v1.0/groups/$GroupId/assignLicense"
  84.  
  85. $Reference = '{
  86.     "addLicenses": [
  87.       {
  88.         "disabledPlans": [ "b737dad2-2f6c-4c65-90e3-ca563267e8b9","76846ad7-7776-4c40-a281-a386362dd1b9"],
  89.         "skuId": "6fd2c87f-b296-42f0-b197-1e91e994b900"
  90.       }
  91.     ],
  92.     "removeLicenses": []
  93. }'
  94.  
  95. $Data = Invoke-RestMethod -Headers @{Authorization = "Bearer $token"} -Uri $url -Body $Reference -Method $Method -ContentType 'application/json' -ErrorAction Stop
  96. $Data
This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
technet/msgraph/grouplicense.txt · Last modified: 2023/06/14 09:43 by A User Not Logged in