-
Notifications
You must be signed in to change notification settings - Fork 4
/
ProvisionMicrosoftTeam.ps1
47 lines (40 loc) · 1.92 KB
/
ProvisionMicrosoftTeam.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
<# Copyright (c) Microsoft Corporation. All rights reserved.
This code is licensed under the Microsoft Public License.
THIS CODE IS PROVIDED *AS IS* WITHOUT WARRANTY OF
ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY
IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR
PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT. #>
Param
(
[Parameter (Mandatory=$true)]
[String] $UPN,
[Parameter (Mandatory=$true)]
[String] $GroupId
)
$ErrorActionPreference = "Stop"
# Establish connection to Microsoft Teams
$cred = Get-AutomationPSCredential -Name "WorkflowService" # Service Account = Team Creator
Connect-MicrosoftTeams -Credential $cred
# Create new Microsoft Team
Write-Output "Create new Team using existing O365 Group"
$team = New-Team -Group $GroupId
$team
<# If Team Creator isn't the user requesting this Team, then remove Team Creator as owner
from Team and add requesting user as owner instead #>
if ($cred.UserName -ne $UPN) {
# Connect to Azure AD with service principal aka Azure Run as Account
$servicePrincipal = Get-AutomationConnection -Name 'AzureRunAsConnection'
Connect-AzureAD -ApplicationId $servicePrincipal.ApplicationId `
-TenantId $servicePrincipal.TenantId `
-CertificateThumbprint $servicePrincipal.CertificateThumbprint
# Add requesting user to Team as owner
$user = Get-AzureADUser -Filter "UserPrincipalName eq '$($UPN)' or Mail eq '$($UPN)'"
Write-Output "Add requesting user as Group Owner"
Add-AzureADGroupOwner -ObjectId $team.GroupId -RefObjectId $user.ObjectId
# Try removing Team Creator as owner from Team
$creator = Get-AzureADUser -Filter "UserPrincipalName eq '$($cred.UserName)'"
Write-Output "Remove Team Creator as Group Owner"
Remove-AzureADGroupOwner -ObjectId $team.GroupId -OwnerId $creator.ObjectId
Disconnect-AzureAD
}
Disconnect-MicrosoftTeams