Renew MSO 365 Groups, for MS Teams

1. <#
2. Script:         Auto-Renew Groups; Thwart Expirations
3. Date:           June 2020
4. Scripter:       Trey Bentley
5. Description:    This script renews MSO 365 groups, so that they don't expire.
6.     Requires the Group's ID, to avoid same-name conflicts. Run as a weekly
7.     scheduled task in Task Scheduler with something like:
8.         Action: Start a program
9.         Program/script: C\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
10.         Add an argument: -File "C:\Scripts\MS_Teams\expirationExceptions.ps1"
11. #>
12.  
13. #############################
14. #   User Variables
15. #############################
16. # List the IDs of the group(s)/team(s) to auto-renew.
17. $renewGrps = @(
18. "b945caa3-2d6b-420c-9589-ca3b2df54ff4", # Exception Team 1
19. "8f610d8d-1105-4218-ab18-94565efba92e", # Exception Team 2
20. "9910e40a-91ba-49a9-9b41-04b5b64e2520"  # Exception Team 3
21. );  ##### !!!!!!! No comma on the last entry. !!!!!!! #####
22.  
23. ###############
24. #   AzureAD Online Credentials
25. ###############
26. # What is the Global Admin Service Account for your AzureAD?
27. $aadUsr = "ga@initech.net"
28.  
29. # Where is the secure password file for the above service account?
30. # You can create the file with something like:
31. #PS>    (Get-Credential).Password | ConvertFrom-SecureString | Out-File "ad_LdapUser.pwd"
32. $aadPwdFile = "./secure.pwd";
33.  
34. ###############
35. #   Log File
36. ###############
37. # Where do you want for your log file to go?
38. #   Provided is same path as scriptfile, and with the same name as the
39. #   scriptfile, but with a .log extention.
40. # $logFile = "./" + (split-path $MyInvocation.PSCommandPath -Leaf).split('.')[0] + ".log"
41. $logFile = "./" + (split-path $MyInvocation.PSCommandPath -Leaf).split('.')[0] + ".log"
42.  
43. #############################
44. #   Initialize
45. #############################
46.  
47. # Set up credential variable for use in a few nanoseconds.
48. $aadPwd  = Get-Content "${aadPwdFile}" | ConvertTo-SecureString;
49. $cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $aadUsr,$aadPwd;
50.  
51. # Import the module, and connect to AzueAD.
52. Import-Module AzureAD;
53. Connect-AzureAD -Credential $cred;
54.  
55. # Create the sesion, and import it for use.
56. $aadSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/PowerShell/ -Credential $cred -Authentication Basic -AllowRedirection;
57. Import-PSSession $aadSession;
58.  
59. # Logger Feature
60. function log{
61.     param($msg)
62.    
63.     $time = (Get-Date -f "yyyy-MM-dd HH:mm:ss")
64.     Write-Host "${time} ${msg}"
65. }
66.  
67. Start-Transcript -Path "${logFile}" -Append -IncludeInvocationHeader
68. log "######################################################";
69. log "Starting new run.";
70.  
71. #############################
72. #   Main Script
73. #############################
74. foreach ($grp in $renewGrps) {
75.     log "Attempting to renew: ${grp}";
76.    
77.     $timeOld = (Get-AzureADMSGroup -Id $grp).RenewedDateTime;
78.     log "Current renew timestamp: ${timeOld}";
79.    
80.     log "Attempting to reset timestamp";
81.     $renewRs = Reset-AzureADMSLifeCycleGroup -GroupId $grp;
82.     log "Result: ${renewRs}";
83.    
84.     $timeNew = (Get-AzureADMSGroup -Id $grp).RenewedDateTime;
85.     log "Current renew timestamp: ${timeNew}";
86. }
87.  
88.  
89. log "Removing session....";
90. Remove-PSSession $aadSession
91.  
92. log "Stopping transcript....";
93. Stop-Transcript;