Loading...

Scheduling a purge of an Azure AD group members using Azure Automation and PowerShell


In this post I will show you how to use Azure Automation and PowerShell to scheduly remove members of an Azure AD group.


Context

- You have a group on Intune/Azure AD

- This group contains members

- You want to remove all members

- You want to schedule this every week for instance


The solution

- Create a resource group (if you don't have one)

- Create an Azure Automation account

- Add Managed Identity on the Automation account

- Create a Runbook in Automation

- Runbook will remove members of the group

- Schedule the Runbook every week


Get the script

Click on the below GitHub picture to download the automation runbook script.


Create a resource group

1. Go to Azure

2. In the search bar type Resource group

3. Go to Resource group

4. Click on Create

5. Choose a Subscription

6. Type a Resource group name

7. Here: Automation_Scripts

8. Choose your region

9. Here: (Europe)France Central

10. Click on Review + Create

11. Click on Create


Create Azure Automation account

Create the account

1. Go to Azure

2. In the search bar type: Automation accounts

3. Go to Automation accounts

4. Click on Create

5. Type a name

6. Here: azuread-scripts

7. Choose a Subscription

8. Choose the Resource group

9. Here: intune_reporting

10. Choose your region

11. Here: (Europe)France Central

12. In Create Azure Run As Account, select No

13. Click on Create

14. Wait a bit

15. Click on Go to resource


Add modules

1. Go to your automaton account

2. Click on Modules gallery

3. Search: az.Accounts

4. Click on az.Accounts

5. Click on Import

6. Click on OK

7. Wait for importing


Set Managed Identity

1. Go to your automation account

2. Go to Identity (Preview)

3. Go to System assigned

4. Select On

5. Click on Save

6. Click on Yes



Add a group owner

1. Go to your group

2. Go to Owners

3. Add the automation account


Azure Automation Runbook

Create a Runbook

1. Go to Azure

2. In the search bar type: Automation accounts

3. Go to your Automation accounts

4. Go to Runbooks

5. Click on + Create a runbook

6. Type a name

7. In Runbook type, select PowerShell

8. Click on Create


Add script in Runbook

The runbook script is located downloaded sources

Its name is: Purge_AAD_group.ps1

Add the group ID in the variable $GroupID.




Test the Runbook

1. Click on Test pane

2. Click on Start

3. Once finished, you should see Completed



Publish the Runbook

1. Go to your Runbook

2. Click on Edit

3. Click on Publish

4. Click on Yes


Schedule the Runbook

1. Go to your Runbook

2. Click on Schedules

3. Click on + Add a schedule

4. Click on Link a schedule to your runbook

5. Click on + Add a schedule

6. Type a schedule name

7. In Recurrence, select Recuring

8. Click on Create

Powershell 6056097797819651612

Enregistrer un commentaire

Accueil item

Award

Sponsors

You want to support me ?

Mes articles en français

Endpoint Manager award

Author of Books

Stats