Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/tools4everbv/helloid-task-sa-target-azureactivedirectory-accountrevokegroupmembership
Azure Active Directory - User account revoke group membership
azure-active-directory delegated-form powershell product service-automation task
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/tools4everbv/helloid-task-sa-target-azureactivedirectory-accountrevokegroupmembership
- Owner: Tools4everBV
- Created: 2023-03-13T12:16:02.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-01-10T15:38:37.000Z (12 months ago)
- Last Synced: 2024-01-10T18:05:58.100Z (12 months ago)
- Topics: azure-active-directory, delegated-form, powershell, product, service-automation, task
- Language: PowerShell
- Homepage:
- Size: 35.2 KB
- Stars: 0
- Watchers: 4
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# HelloID-Task-SA-Target-AzureActiveDirectory-AccountRevokeGroupMembership
## Prerequisites
Before using this snippet, verify that you meet the following requirements:
- [ ] AzureAD app registration
- [ ] The correct app permissions for the app registration
- [ ] User defined variables: `AADTenantID`, `AADAppID` and `AADAppSecret` created in your HelloID portal.
## Description
This code snippet executes the following tasks:
1. Define a hash table `$formObject`. The keys of the hash table represent the parameters needed for this action, while the values represent the values entered in the form.
> To view an example of the form output, please refer to the JSON code pasted below.
```json
{
    "UserIdentity": "[email protected]",
    "GroupsToRemove": [
        {
            "Name": "testgroup1",
            "Id": "599bba95-e5ac-45f9-a3a0-e6e2674bb7df"
        },
        {
            "Name": "testgroup2",
            "Id": "938a3e5d-2093-4ed9-b6b9-777c144ad08d"
        }
    ]
}
```
> :exclamation: It is important to note that the names of your form fields might differ. Ensure that the `$formObject` hashtable is appropriately adjusted to match your form fields.
> [See the Microsoft Docs page](https://learn.microsoft.com/en-us/graph/api/group-delete-members?view=graph-rest-1.0&tabs=http)
2. Obtain a bearer token by making a POST request to `https://login.microsoftonline.com/$AADTenantID/oauth2/token`, where `$AADTenantID` is the ID of your Azure Active Directory tenant.
3. Look up the user in Azure by UPN, by making a GET request to `https://graph.microsoft.com/v1.0/users/$($formObject.UserIdentity)`. This is done to get the object ID of the user in Azure.
4. For each group listed in `GroupsToRemove`, remove the user from the group by making a DELETE request to `https://graph.microsoft.com/v1.0/groups//members//$ref`
> :exclamation: If you make changes to the code, be sure to keep the `$ref` part in the URI, to prevent deleting the user object itself.
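
The four steps above as one PowerShell sketch, added here as an example and not the repository's own code. The token request body fields, the `$headers`, `$upn`, `$parsed` and `$uri` variables, the GUID check and the sample `UserIdentity` value are assumptions; `$formObject`, `$AADTenantID`, `$AADAppID` and `$AADAppSecret` are the names used in the README.

```powershell
# Added example, not the repository's code. $AADTenantID, $AADAppID and
# $AADAppSecret are the HelloID user-defined variables named in the README.
$ErrorActionPreference = 'Stop'

# Step 1: constructed sample input in the shape of the form output shown above.
$formObject = @{
    UserIdentity   = 'user@example.com'
    GroupsToRemove = @(
        @{ Name = 'testgroup1'; Id = '599bba95-e5ac-45f9-a3a0-e6e2674bb7df' }
    )
}

# Step 2: client-credentials token request (body field names are an assumption
# about how the token endpoint from the README is called).
$tokenBody = @{
    grant_type    = 'client_credentials'
    client_id     = $AADAppID
    client_secret = $AADAppSecret
    resource      = 'https://graph.microsoft.com'
}
$token = Invoke-RestMethod -Method Post -Body $tokenBody `
    -Uri "https://login.microsoftonline.com/$AADTenantID/oauth2/token"
$headers = @{ Authorization = "Bearer $($token.access_token)" }

# Step 3: resolve the UPN to the user's object id (escaped for use in a path).
$upn  = [uri]::EscapeDataString($formObject.UserIdentity)
$user = Invoke-RestMethod -Method Get -Headers $headers `
    -Uri "https://graph.microsoft.com/v1.0/users/$upn"

# Step 4: remove the membership reference for each group.
foreach ($group in $formObject.GroupsToRemove) {
    # Reject anything that is not a GUID before it reaches the URI.
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse($group.Id, [ref]$parsed)) {
        Write-Warning "Skipping '$($group.Name)': Id is not a GUID"
        continue
    }
    # Single quotes keep '$ref' literal; in a double-quoted string PowerShell
    # would expand $ref as a variable and silently drop it from the URI.
    $uri = 'https://graph.microsoft.com/v1.0/groups/{0}/members/{1}/$ref' -f $parsed, $user.id
    Invoke-RestMethod -Method Delete -Headers $headers -Uri $uri
    Write-Information "Removed $($formObject.UserIdentity) from $($group.Name)"
}
```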