Get Entra ID / Azure AD properties for a group ...

Hello -

I'm looking for some guidance / clarity.

I'm running Adaxes 2023 (I know I need to update) and I have a very specific task I am trying to accomplish.

I am in hybrid-mode - so we have an on-premise AD that syncs to Entra ID (Azure AD).

My on-prem AD is managed and I have the M365 tenant configured under 'Cloud Services'.

I need to retrieve the Entra ID object ID for a subset of the groups in my domain.

I've been reading the online docs for hours now and I am a little lost.

If I understand correctly, it says I should be able to use the Adaxes powershell command 'get-AdmGroup' to retrieve the Entra ID object ID ... but I can't figure it out.

I've looked at the '-AdaxesService' command along with using my organization's '.onmicrosoft.com' domain name in the 'serverName' parameter, but I get an error saying that it is 'unavailable'.

I want to get the information in the easiest and most efficient manner ... and I thought it would be much easier with Adaxes.

I feel as if I am missing something here. Any and all help / direction is much appreciated (in advance).

Thanks.

ago by (60 points)

1 Answer

ago by (308k points)
0 votes

Hello,

To obtain the identifier, you can use the below script in a custom command, business rule or scheduled task. Pay attention that it will only work on users included into the associated scope of your tenant in Adaxes.

try
{
    # Get the object ID in Microsoft 365.
    $objectId = [Guid]$Context.TargetObject.Get("adm-AzureId")
}
catch
{
    return
}
ago by (60 points)
0

Thank you for the quick response.

I've tried what you suggested and am so far not being successful. I added a couple of Log statements and captured the error and this is what I am receiving.

image.png

I've obfuscated a lot, but I can verify that the group I am trying to get this information on is under the 'associated objects' of my tenant.

image.png

Can I please get some additional guidance or thoughts on this situation?

Thank you again.

ago by (308k points)
0

Hello,

The behavior is expected as the property is empty for the object you run the script against. It can only be retrieved for users who are licensed for Microsoft 365 or groups that are mail-enabled in Exchange Online. Also, there were some changes introduced by Microsoft and only applied in Adaxes 2023 Update 2 (build number 3.15.23410). If you are using an older version, you need to upgrade to use the script.

Upgrade instructions

What's New 2023

Related questions

How can I add a new user to a cloud only Entra ID licensing group?

I'm currently writing an "After User Creation" rule and I have a PowerShell script that adds the newly created, on-premises synced user to a handful of cloud ... powershell cmdlet that fails. I need to use PowerShell for the additional condtional flexibility.

asked Dec 13, 2024 by smcfarland (60 points)
0 votes
1 answer
Add a device to an Entra ID Group

is this available yet, will it be available at all. any news on an update for Adaxes, the last one was over a year ago.

asked Dec 11, 2024 by i*windows (300 points)
0 votes
1 answer
How can I add a user directly to an Entra ID group?

Hi all, How can I add a user directly to an Entra ID group? I understand it might be possible via CLI e.g. Add-AzureADGroupMember - But is there a built-in GUI method via Business Rules? Thanks, David

asked Oct 2, 2024 by dshortall (80 points)
0 votes
1 answer
As part of offboarding users I need to keep a note of all AD/Entra groups, Azure / M365 roles and licenses

As part of offboarding a user I need to generate a report of all AD groups, Entra groups and all Azure / M365 roles and licenses the user has before they ... about keeping a record of the leavers configured profile to simplify cloning them onto new starters.

asked Jun 24, 2024 by dhardyuk (20 points)
0 votes
1 answer
Certain Azure AD group properties cannot be updated

It is currently not possible to update the following properties of Microsoft 365 groups via Adaxes: Let people outside the organization email this group (allowExternalSenders ... permissions are not currently supported for the property by Microsoft Graph API.

asked Nov 16, 2022 by Adaxes (650 points)
0 votes
0 answers