
I have the script below that adds users to an O365 group at the start of their employment:

# Reference dates: today, and the oldest account-creation date still in scope (30 days back)
$DateMaxTime = (Get-Date).AddDays(0)
$DateMaxTimeNew = (Get-Date).AddDays(-30)

# Candidate users: everyone in the OU whose description mentions TEMP or PERM
$usersRO = Get-ADUser -Filter * -Properties * -SearchBase "OU=Users,OU=Resources,OU=Romania,OU=DataManagement,DC=USA" | Where-Object {$_.Description -like "*TEMP*" -or $_.Description -like "*PERM*" } | Select-Object samaccountname,description,name
$groupsRO = '#O365-EXTERNALACCESS'

$FinalResultRO = New-Object System.Collections.ArrayList

ForEach ($groupRO in $groupsRO) {
    # Current (recursive) membership, so only users not already in the group get added
    $membersRO = Get-ADGroupMember -Identity $groupRO -Recursive | Select-Object -ExpandProperty samaccountname
    ForEach ($userRO in $usersRO) {
        $AcountNameRO = $userRO.samaccountname
        $DatePartRONew = Get-ADUser -Identity $AcountNameRO -Properties * | Select-Object whenCreated
        $DatePartSubsRONew = $DatePartRONew.whenCreated
        $DataPartROdesc = $userRO.description
        # The start date is embedded in the description as dd/MM/yyyy
        $expressionRO = ([regex]'(\d{2}/\d{2}/\d{4})').Match($DataPartROdesc).Groups[0].Value
        $DatePartRO = $expressionRO
        $FinalDateRO = [datetime]::ParseExact($DatePartRO,'dd/MM/yyyy',$null)
        If ($DatePartSubsRONew -lt $DateMaxTimeNew) {
            Write-Host "$AcountNameRO out of date scope"
        }
        Else {
            Write-Host "$AcountNameRO in scope"
            If ((Get-Date $FinalDateRO.Date) -eq (Get-Date $DateMaxTime.Date)) {
                Write-Host "$AcountNameRO is a today Starter"
                If ($membersRO -notcontains $AcountNameRO) {
                    Write-Host "Adding external group $groupRO for: $AcountNameRO"
                    Add-ADGroupMember -Identity "#O365-EXTERNALACCESS" -Members $AcountNameRO
                    $FinalResultRO.Add((New-Object psobject -Property @{User=$AcountNameRO}))
                }
                Else { Write-Host "$AcountNameRO exists in group $groupRO" }
            }
            Else { Write-Host "$AcountNameRO is not a Starter" }
        }
    }
}

$listRO = [array]$FinalResultRO | Select-Object User | Out-String
$listRO.GetType()

# The if condition must be in parentheses; "if [string]::..." is a syntax error
if ([string]::IsNullOrEmpty($listRO)) {
    Write-Host "nothing to send"
}
Else {
    Write-Host "Mail sent"
    Send-MailMessage -From "[email protected]" -To "[email protected]" -Subject "Following users have been granted external access rights" -SmtpServer "donut" -Body "$($listRO)"
}

I run this script daily from Task Scheduler with highest privileges.

For some reason, sometimes when the script is executing it tells me that users have been added to the group, but nothing changes in Active Directory. Only when I run the script a second time does it work (manually in PowerShell, not using Task Scheduler).

What can be the reason for this?

1 Answer

I would check this line

 Add-ADGroupMember -Identity "#O365-EXTERNALACCESS" -Members $AcountNameRO 

Your code runs on even if it hits some error for whatever reason. I would add a try/catch statement to figure out what went wrong (could be DNS, network, some problem with the $AcountNameRO variable ...).

# -ErrorAction Stop turns a non-terminating cmdlet error into one the catch block actually sees
try { Add-ADGroupMember -Identity "#O365-EXTERNALACCESS" -Members $AcountNameRO -ErrorAction Stop }
catch {
    Write-Host "something went wrong in Add-ADGroupMember"
    Send-MailMessage -From "[email protected]" -To "[email protected]" -Subject "please check Add-ADGroupMember"
    Write-Host $_
}

Of course, write-host is a bad idea when running a scheduled task because you do not see the output. So I would dump the output in a file or the eventlog or write an email. Bill wrote a nice summary of what you could do concerning the logging. https://adamtheautomator.com/powershell-logging/
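Putting the answer's two points together (catch the error, and log somewhere a scheduled task can be inspected), here is an added example that is not from the question or the answer. It wraps the group-add step in a function that forces errors to be catchable, writes to a log file, and then reads the membership back from the same domain controller instead of trusting the cmdlet's silence, which is exactly the symptom the question describes. The log path, the DC name, the SMTP server and the mail addresses are assumed placeholders.

```powershell
# Added example, not the poster's or the answerer's code. Placeholder values are marked.
$LogPath = "C:\Scripts\Logs\o365-externalaccess-$(Get-Date -Format yyyyMMdd).log"   # assumed path

function Write-Log {
    param([string]$Message)
    $line = "{0:yyyy-MM-dd HH:mm:ss} {1}" -f (Get-Date), $Message
    Add-Content -Path $LogPath -Value $line   # survives a scheduled run, unlike Write-Host
    Write-Host $line
}

function Add-MemberVerified {
    param(
        [Parameter(Mandatory)][string]$Group,
        [Parameter(Mandatory)][string]$SamAccountName,
        [string]$Server   # optional: pin the add and the read-back to one DC
    )
    # ErrorAction Stop makes non-terminating AD errors reach the catch block
    $adArgs = @{ ErrorAction = 'Stop' }
    if ($Server) { $adArgs['Server'] = $Server }
    try {
        Add-ADGroupMember -Identity $Group -Members $SamAccountName @adArgs
        # Verify against the directory rather than assuming the add took effect
        $members = Get-ADGroupMember -Identity $Group @adArgs | Select-Object -ExpandProperty SamAccountName
        if ($members -contains $SamAccountName) {
            Write-Log "OK: $SamAccountName added to $Group"
            return $true
        }
        Write-Log "WARN: Add-ADGroupMember returned without error but $SamAccountName is not a member of $Group on $Server"
        return $false
    }
    catch {
        Write-Log "ERROR: Add-ADGroupMember failed for $SamAccountName in $Group : $($_.Exception.Message)"
        return $false
    }
}

# Usage in the daily job (constructed values): one DC chosen up front, alert mail only on failure
$dc = 'dc01.example.invalid'   # assumed DC host name
if (-not (Add-MemberVerified -Group '#O365-EXTERNALACCESS' -SamAccountName $AcountNameRO -Server $dc)) {
    Send-MailMessage -From 'scheduler@example.invalid' -To 'admins@example.invalid' `
        -Subject 'Add-ADGroupMember needs attention' -SmtpServer 'smtp.example.invalid' `
        -Body (Get-Content -Path $LogPath -Raw)
}
```

Pinning both calls to one DC with -Server removes replication lag as an explanation when the read-back disagrees with the add; if it still disagrees, the log line tells you which account and which DC to look at.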
