Public/New-GraphAzureADGroup.ps1

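function New-GraphAzureADGroup() {
    <#
        .SYNOPSIS
            Create an Azure AD Group through Microsoft Graph.
        .DESCRIPTION
            POSTs a group object to https://graph.microsoft.com/v1.0/groups using the
            auth header cached in the module scope ($moduleScopeGraphAuthHeader) by the
            module's Connect-Graph / Get-GraphAuthToken functions.
            Reference: https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/group_post_groups
        .PARAMETER DisplayName
            The name to display in the address book for the group.
        .PARAMETER MailEnabled
            Set to true for mail-enabled groups. Set this to true if creating an Office 365 Group. Set this to false if creating dynamic or security group.
        .PARAMETER MailNickname
            The mail alias for the group.
        .PARAMETER SecurityEnabled
            Set to true for security-enabled groups. Set this to true if creating a dynamic or security group. Set this to false if creating an Office 365 group. Required.
        .PARAMETER Owners
            This property represents the owners for the group at creation time.
            NOTE(review): the value is sent verbatim under the JSON key 'owners'; the Graph v1.0
            create-group request documents owner binding as 'owners@odata.bind' with
            directoryObject URLs. Confirm the key and value format callers rely on.
        .PARAMETER Members
            This property represents the members for the group at creation time.
            NOTE(review): same caveat as Owners ('members' vs 'members@odata.bind').
        .OUTPUTS
            The group object returned by Graph, as deserialized by Invoke-RestMethod.
        .EXAMPLE
            New-GraphAzureADGroup -DisplayName 'Finance' -MailEnabled $false -MailNickname 'finance' -SecurityEnabled $true
        .NOTES
            Throws a terminating error if no Graph auth header is available, so an
            unauthenticated request is never sent. HTTP failures are surfaced with
            Write-Error including the response body returned by Graph.
    #>

    [cmdletbinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$DisplayName,

        [Parameter(Mandatory = $true)]
        [bool]$MailEnabled,

        [Parameter(Mandatory = $true)]
        [string]$MailNickname,

        [Parameter(Mandatory = $true)]
        [bool]$SecurityEnabled,

        [Parameter(Mandatory = $false)]
        [array]$Owners,

        [Parameter(Mandatory = $false)]
        [array]$Members
    )

    process {
        # Fail fast: the original only printed a message and then issued the request
        # with a null header set, which reaches Graph unauthenticated and fails with 401.
        if (-not $moduleScopeGraphAuthHeader) {
            throw "Connect to Microsoft Graph using Connect-Graph first."
        }
        $authHeader = $moduleScopeGraphAuthHeader

        $uri = "https://graph.microsoft.com/v1.0/groups"

        # Mandatory parameters
        $body = @{
            'displayName'     = $DisplayName
            'mailEnabled'     = $MailEnabled
            'mailNickname'    = $MailNickname
            'securityEnabled' = $SecurityEnabled
        }

        # Optional parameters (omitted from the body when null or empty)
        if ($Owners) {
            $body.Add('owners', $Owners)
        }

        if ($Members) {
            $body.Add('members', $Members)
        }

        $bodyAsJson = $body | ConvertTo-Json

        try {
            # Encode as UTF-8 to support accented characters in Display Names.
            # The content type is set explicitly so Graph parses the body as JSON
            # rather than the cmdlet's form-encoded default.
            $query = Invoke-RestMethod -Uri $uri -Headers $authHeader -Method POST `
                -ContentType 'application/json; charset=utf-8' `
                -Body ([System.Text.Encoding]::UTF8.GetBytes($bodyAsJson)) `
                -ErrorAction Stop

            return $query
        }
        catch {
            $response = $_.Exception.Response

            # Non-HTTP failures (DNS, TLS handshake, connection refused) carry no response;
            # reading a stream from a null Response would throw inside the catch block and
            # mask the real error.
            if ($null -eq $response) {
                Write-Error "Request to $uri failed: $($_.Exception.Message)"
                return
            }

            $responseBody = ''
            $streamReader = $null
            try {
                $streamReader = New-Object System.IO.StreamReader($response.GetResponseStream())
                $streamReader.BaseStream.Position = 0
                $streamReader.DiscardBufferedData()
                $responseBody = $streamReader.ReadToEnd()
            }
            catch {
                $responseBody = "<unable to read response body: $($_.Exception.Message)>"
            }
            finally {
                # Release the underlying response stream even when reading it failed.
                if ($streamReader) { $streamReader.Dispose() }
            }

            Write-Error "Request to $($response.ResponseUri) failed with HTTP Status $($response.StatusCode) $($response.StatusDescription). `nResponse content: `n$responseBody"
        }
    }
}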