Creating Azure AD group with group types "Unified" and "DynamicMembership" fails in Azure PowerShell function

I am using the AzureADPreview module, and with the help of this I am trying to create a group with types "Unified" as well as "DynamicMembership".

So as per the Microsoft doc, this is the command I have used

Import-Module AzureADPreview -UseWindowsPowerShell

$tenantId = '<my tenant id>'
$clientId = '<my client id>'
$thumbprint = '<my thumbprint>'

Connect-AzureAD -TenantId $tenantId -ApplicationId $clientId -CertificateThumbprint $thumbprint

New-AzureADMSGroup -Description $description -DisplayName `
$displayName -MailEnabled $true -SecurityEnabled $true `
-MailNickname $nickName -GroupTypes "DynamicMembership", "Unified" `
-MembershipRule '(user.department -contains "tech")' -MembershipRuleProcessingState $true

But I am always getting an "invalid value provided in grouptypes" error.


In a slightly different approach, I have tried creating the group first with the unified type, and then queried back the same group and appended the grouptype "DynamicMembership". I expected that to work, but that also didn't make any difference.

Just like this -

New-AzureADMSGroup -Description $description -DisplayName `
    $displayName -MailEnabled $true -SecurityEnabled $true `
    -MailNickname $nickName -GroupTypes "Unified"

$grp = Get-AzureADMSGroup -SearchString $displayName

if($grp -ne $null)
{
   [System.Collections.ArrayList]$groupTypes = $grp.GroupTypes
   $groupTypes.Add($dynamicGroupTypes)
    
   Set-AzureAdMsGroup -Id $grp.Id `
   -GroupTypes $dynamicGroupTypes `
   -MembershipRuleProcessingState "On" `
   -MembershipRule $memberShipRule
}

Can you tell what I am doing wrong? This is working fine in Windows PowerShell. I am not able to understand what is malformed about that grouptypes.



Solution 1:[1]

You are making some basic mistakes in the command that you are using for creating a ‘Unified’ and ‘Dynamic’ group through a PowerShell command in the Azure function. The command execution in the Azure function involves the use of the ‘AzureADPreview’ module only. Thus, you will have to uninstall and remove the ‘AzureAD’ module from your list of modules installed in PowerShell. For this purpose, execute the below command first:

  Remove-Module AzureAD -ErrorAction SilentlyContinue

Once done, install the AzureADPreview module as you have done in your stated command. Then, execute the ‘Connect-AzureAD’ command as you have done. Then, execute the command as stated by me below, as it is from start to end, for errorless execution. Please do not forget to declare the other variables that you did in your question description for ‘Client ID’, ‘Tenant ID’ and ‘Thumbprint’:

   $tenantId = 'my tenant id'
   $clientId = 'my client id'
   $thumbprint = 'my thumbprint'
   $description = 'Description of the group'
   $displayName = 'Display Name to be given'
   $nickName = 'Any name of the group'

   Connect-AzureAD -TenantId $tenantId -ApplicationId $clientId -CertificateThumbprint $thumbprint

   New-AzureADMSGroup -Description $description -DisplayName $displayName -MailEnabled $true -SecurityEnabled $true -MailNickname $nickName -GroupTypes "DynamicMembership", "Unified" -MembershipRule '(user.department -contains "tech")' -MembershipRuleProcessingState "On"

Once the above command is executed as it is, your command will be executed successfully in Azure function without any error or issue.
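
A pre-flight check for the parameter set discussed above, as an added example that is not part of the original question or answer: it validates the `-GroupTypes` values, the mail nickname and the `On`/`Paused` processing state locally, before anything is sent to Azure AD. The function name `New-DynamicGroupParams` and the sample values are hypothetical.

```powershell
# Added example; the function name and sample values below are hypothetical.
function New-DynamicGroupParams {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string] $DisplayName,
        [Parameter(Mandatory)][string] $MailNickname,
        [string]   $Description = '',
        [string[]] $GroupTypes = @('DynamicMembership', 'Unified'),
        [string]   $MembershipRule,
        # Accepts the strings 'On' or 'Paused'; $true is converted to 'True' and rejected here.
        [ValidateSet('On', 'Paused')][string] $ProcessingState = 'On'
    )

    $allowed = @('Unified', 'DynamicMembership')
    $bad = @($GroupTypes | Where-Object { $_ -notin $allowed })
    if ($bad.Count -gt 0) {
        throw "Unsupported GroupTypes value(s): $($bad -join ', ')"
    }
    # A mail nickname may not contain spaces.
    if ($MailNickname -match '\s') {
        throw "MailNickname '$MailNickname' contains whitespace."
    }

    $params = @{
        DisplayName     = $DisplayName
        Description     = $Description
        MailNickname    = $MailNickname
        MailEnabled     = ($GroupTypes -contains 'Unified')   # Microsoft 365 groups are mail-enabled
        SecurityEnabled = $true
        GroupTypes      = $GroupTypes
    }
    if ($GroupTypes -contains 'DynamicMembership') {
        # A dynamic group needs both the rule and its processing state.
        if ([string]::IsNullOrWhiteSpace($MembershipRule)) {
            throw 'DynamicMembership requires a non-empty MembershipRule.'
        }
        $params.MembershipRule                = $MembershipRule
        $params.MembershipRuleProcessingState = $ProcessingState
    }
    return $params
}

# Constructed sample values. Single quotes keep the inner double quotes literal.
$groupParams = New-DynamicGroupParams -DisplayName 'Tech staff' -MailNickname 'techstaff' `
    -Description 'Constructed sample group' -MembershipRule '(user.department -contains "tech")'
$groupParams | Format-Table -AutoSize

# After Connect-AzureAD has succeeded, splat the validated set:
# New-AzureADMSGroup @groupParams
```

In a membership rule, `-contains` is a substring match, so review which users the rule actually pulls in before the group is used to grant access to anything.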

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 KartikBhiwapurkar-MT