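<#
    Script:      Auto-Renew Groups; Thwart Expirations
    Date:        June 2020
    Scripter:    Trey Bentley
    Description: This script renews Microsoft 365 groups, so that they don't
                 expire. Requires the Group's ID, to avoid same-name conflicts.
                 Run as a weekly scheduled task in Task Scheduler with
                 something like:
                     Action:          Start a program
                     Program/script:  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                     Add an argument: -File "C:\Scripts\MS_Teams\expirationExceptions.ps1"

    Review notes:
      * The stored credential is the most sensitive asset here. Restrict the
        NTFS ACL on the password file, the script and the log directory to
        the account that runs the scheduled task.
      * Connect-AzureAD -Credential cannot satisfy an MFA prompt, so the
        account used must be exempt from MFA. Certificate-based app sign-in
        (Connect-AzureAD -TenantId/-ApplicationId/-CertificateThumbprint)
        avoids keeping a password on disk at all.
      * Microsoft has deprecated the AzureAD module in favour of Microsoft
        Graph PowerShell; plan a migration.
      * The script exits non-zero when any renewal fails, so the scheduled
        task's "Last Run Result" can be monitored.
#>

#############################
# User Variables
#############################

# List the IDs of the group(s)/team(s) to auto-renew.
$renewGrps = @(
    "b945caa3-2d6b-420c-9589-ca3b2df54ff4", # Exception Team 1
    "8f610d8d-1105-4218-ab18-94565efba92e", # Exception Team 2
    "9910e40a-91ba-49a9-9b41-04b5b64e2520"  # Exception Team 3
) ##### !!!!!!! No comma on the last entry. !!!!!!! #####

###############
# AzureAD Online Credentials
###############

# Which service account signs in to AzureAD?
# NOTE(review): a Global Admin is far more privilege than reading a group and
# resetting its lifecycle timestamp needs. Presumably a group owner or a
# narrower directory role is enough - confirm in your tenant and swap this
# account for a dedicated least-privilege one.
$aadUsr = "ga@initech.net"

# Where is the secure password file for the above service account?
# You can create the file with something like:
#PS> (Get-Credential).Password | ConvertFrom-SecureString | Out-File "secure.pwd"
# Without -Key/-SecureKey, ConvertFrom-SecureString protects the value with
# Windows DPAPI: only the same user on the same computer can decrypt it, so
# create the file while logged on as the account the scheduled task runs as.
# The path is anchored to the script's folder because a scheduled task does
# not start in that folder, and "./" would resolve somewhere else.
$aadPwdFile = Join-Path $PSScriptRoot "secure.pwd"

###############
# Log File
###############

# Where do you want your log file to go?
# Provided is the same folder as the script file, and the same name as the
# script file, but with a .log extension.
# $PSCommandPath is this script's own path; $MyInvocation.PSCommandPath is the
# *caller's* path and is empty when the script is started with -File.
$logFile = Join-Path $PSScriptRoot ([System.IO.Path]::GetFileNameWithoutExtension($PSCommandPath) + ".log")

#############################
# Initialize
#############################

# Turn cmdlet errors into exceptions so a failed sign-in or lookup is caught
# and logged instead of being followed by misleading "success" lines.
$ErrorActionPreference = "Stop"

# Logger Feature: writes a timestamped line to the host (and so the transcript).
function log {
    param($msg)
    $time = (Get-Date -f "yyyy-MM-dd HH:mm:ss")
    Write-Host "${time} ${msg}"
}

# Start the transcript before signing in so authentication failures are
# recorded as well.
Start-Transcript -Path "${logFile}" -Append -IncludeInvocationHeader

$failed = 0         # number of groups (or setup steps) that did not succeed
$connected = $false # true once Connect-AzureAD has returned

try {
    log "######################################################"
    log "Starting new run."

    # Set up credential variable for use in a few nanoseconds.
    if (-not (Test-Path -LiteralPath $aadPwdFile -PathType Leaf)) {
        throw "Secure password file not found: ${aadPwdFile}"
    }
    $aadPwd = Get-Content -LiteralPath $aadPwdFile | ConvertTo-SecureString
    $cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $aadUsr, $aadPwd

    # Import the module, and connect to AzureAD.
    Import-Module AzureAD
    Connect-AzureAD -Credential $cred
    $connected = $true

    # No Exchange Online remote session is opened. Every cmdlet used below
    # ships in the AzureAD module, and a "-Authentication Basic" session to
    # ps.outlook.com would only hand the admin password to a second endpoint
    # over an authentication method Microsoft has since turned off.

    #############################
    # Main Script
    #############################
    foreach ($grp in $renewGrps) {
        # Reject anything that is not a GUID before it reaches the directory.
        $parsed = [guid]::Empty
        if (-not [guid]::TryParse($grp, [ref]$parsed)) {
            $failed++
            log "Skipping malformed group ID: ${grp}"
            continue
        }

        # One bad group must not stop the remaining groups from being renewed.
        try {
            log "Attempting to renew: ${grp}"
            $timeOld = (Get-AzureADMSGroup -Id $grp).RenewedDateTime
            log "Current renew timestamp: ${timeOld}"
            log "Attempting to reset timestamp"
            $renewRs = Reset-AzureADMSLifeCycleGroup -GroupId $grp
            log "Result: ${renewRs}"
            $timeNew = (Get-AzureADMSGroup -Id $grp).RenewedDateTime
            log "Current renew timestamp: ${timeNew}"
        }
        catch {
            $failed++
            log "FAILED to renew ${grp}: $($_.Exception.Message)"
        }
    }
}
catch {
    $failed++
    log "Run aborted: $($_.Exception.Message)"
}
finally {
    # Always drop the directory connection and close the log, even after an
    # error, so no authenticated context or open transcript is left behind.
    if ($connected) {
        log "Disconnecting...."
        try { Disconnect-AzureAD } catch { log "Disconnect failed: $($_.Exception.Message)" }
    }
    log "Stopping transcript...."
    Stop-Transcript
}

# Surface failures to Task Scheduler / monitoring.
if ($failed -gt 0) { exit 1 }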