105 - Improve Group Management to Support Exchange

Introduction

Hello and welcome to Rewst 105, where we focus on managing groups using Microsoft's APIs. We'll learn how to differentiate between different types of groups, whether they are managed using Microsoft Graph or Microsoft Exchange Online. Additionally, we'll explore how to implement feedback messages and handle errors effectively within our workflow.

When you've completed this training, don't forget to get credit!

These steps below require Rewst 102 and Rewst 104 to be completed prior to starting the exercise.

Watch the video and follow along with the steps below

Get Credit

To get credit for completing this session offline, please submit this form.

Follow Along

Review this article for more about Managing Groups: Microsoft Graph vs. Exchange Online.

Part 1: Get Group Object

We'll start by retrieving the group object using the group ID. This action is performed using the Microsoft Graph API.

Step 1: Getting the Properties of a Group

⚠️ These steps assume you have completed the full steps from Rewst 104 You can find the instructions to make this form on the Rewst 104 Page

Add a Get Group Action

  1. Open the Add or Remove from AzureAD Group workflow.

  2. Add a Get Group action from the Microsoft Graph category.

  3. Move the Get Group action to top of the workflow.

  4. Rename the Get Group action to "get_group".

  5. Set Group ID to {{ CTX.group_id }} under Parameters.

  6. Click the On Success transition of Get Group.

  7. Create a Data Alias:

    • Key: group

    • Value: {{RESULT.result.data.value}}

Part 2: Determine Group Type

Next, we'll use conditional logic to determine the group type based on the group object properties. Depending on the type, the workflow branches out to the corresponding actions.

Step 2: Differentiating Group Types

Create a Fork in the Workflow

  1. Add a noop below the get_group action to create a new fork in the workflow.

  2. Connect the On Success transition from get_group to the new noop.

  3. Click the noop.

  4. Rename the noop "check_group_type".

  5. Click Advanced.

  6. Set the Transition Mode to Follow First.

Identify Dynamic Membership Groups

  1. Click the On Success transition on check_group_type.

  2. Add "Dynamic Group" as the Custom Label.

  3. Set the Custom Condition as {{ "DynamicMembership" in CTX.group.groupTypes }}.

Identify Unified and non-Mail Enabled Groups

  1. Add another transition labeled "Graph" for check_group_type.

  2. Set the Custom Condition as {{ "Unified" in CTX.group.groupTypes or not CTX.group.mailEnabled }}.

  3. Connect the Graph transition to the add_or_remove noop.

Add a Transition for Exchange Online Managed Groups

  1. Add another transition labeled Exchange Online for check_group_type.

  2. Copy adding_or_removing.

  3. Rename the copy to "adding_or_removing_exo".

  4. Move adding_or_removing_exo below and to the right of check_group_type.

  5. Connect the Exchange Online transition from check_group_type to adding_or_removing_exo.


Part 3: Add or Remove Users

For Unified and Security Groups managed by Microsoft Graph or Distribution Groups managed by Exchange Online, we'll implement actions to add or remove users based on the group type.

Step 3: Implementing Add Using Microsoft Exchange Online

Implement Add-DistributionGroupMember

  1. Add an InvokeCommand action from the Microsoft Exchange category.

  2. Move the InvokeCommand action under the Add transition of adding_or_removing_exo.

  3. Connect the Add transition to the InvokeCommand action.

  4. Click the InvokeCommand action.

  5. Rename the action "exo_add_group_member"

  6. Enter Add-DistributionGroupMember for Cmdlet Name.

  7. Add the parameters:

    • Member: {{ CTX.user_id }}

    • Identity: {{ CTX.group_id }}

    • BypassSecurityGroupManagerCheck: {{ true }}

Step 4: Implementing Remove Using Microsoft Exchange Online

Implement Remove-DistributionGroupMember

  1. Copy exo_add_group_member.

  2. Click the copied exo_add_group_member.

  3. Rename the action "exo_remove_group_member"

  4. Move exo_remove_group_member under the Remove transition of adding_or_removing_exo.

  5. Connect the Remove transition to the exo_remove_group_member action.

  6. Enter Remove-DistributionGroupMember for Cmdlet Name

  7. Check the parameters are set:

    • Member: {{ CTX.user_id }}

    • Identity: {{ CTX.group_id }}

    • BypassSecurityGroupManagerCheck: {{ true }}


Part 4: Handle Errors and Provide Feedback

Next, we'll incorporate error-handling mechanisms by providing feedback messages for successful or failed actions. This ensures a seamless user experience and clear communication in case of issues.

Step 5: Implementing Feedback Messages to Microsoft Graph Actions

Output Variable Setup

  1. Click Configure Workflow Variable (Pencil icon)

  2. Add an Output Variable:

    • Field Name: group_result

    • Value: {{ CTX.group_result }}

  3. Click Submit.

  4. Click Configure Workflow Variable to exit.

Add On Success and On Failure Messages to _microsoft_graph_add_group_member_

  1. Click the On Success transition for microsoft_graph_add_group_member.

  2. Create a Data Alias:

    • Key: group_result

    • Value: User was added to MS Graph Group {{ CTX.group.displayName | d }}.

  3. Add a new transition.

  4. Click the new transition.

  5. Click On Failure under Condition.

  6. Add a Data Alias:

    • Key: group_result

    • Value: Failed adding the user to Graph Group {{ CTX.group.displayName | d }}.

Add On Success and On Failure Messages to _microsoft_graph_remove_group_member_

  1. Click the On Success transition for microsoft_graph_remove_group_member.

  2. Create a Data Alias:

    • Key: group_result

    • Value: User was removed from MS Graph Group {{ CTX.group.displayName | d }}.

  3. Add a new transition.

  4. Click the new transition.

  5. Click On Failure under Condition.

  6. Add a Data Alias:

    • Key: group_result

    • Value: Failed removing the user from Graph Group {{ CTX.group.displayName | d }}.

Step 6: Implementing Feedback Messages to Exchange Online Actions

Add On Success and On Failure Messages to _exo_add_group_member_

  1. Click the On Success transition for exo_add_group_member.

  2. Add a Data Alias:

    • Key: group_result

    • Value: User was added to Exchange Group {{ CTX.group.displayName | d }}.

  3. Add a new transition.

  4. Click the new transition.

  5. Click On Failure under Condition.

  6. Add a Data Alias:

    • Key: group_result

    • Value: Failed adding the user to Exchange Group {{ CTX.group.displayName | d }}.

Add On Success and On Failure Messages to _exo_remove_group_member_

  1. Click the On Success transition for exo_remove_group_member.

  2. Add a Data Alias:

    • Key: group_result

    • Value: User was removed from Exchange Group {{ CTX.group.displayName | d }}.

  3. Add a new transition.

  4. Click the new transition.

  5. Click On Failure under Condition.

  6. Create a Data Alias:

    • Key: group_result

    • Value: Failed removing the user from Exchange Group {{ CTX.group.displayName | d }}.


Part 5: Workflow Completion and Success

Finally, we'll set up the workflow completion criteria, ensuring that the workflow is considered successful if at least one parent task succeeds.

Step 7: Finishing Touches

Add an On Failure Message for get_group

  1. Create a new transition for get_group.

  2. Click the new transition.

  3. Click On Failure under Condition.

  4. Add a Data Alias:

    • Key: group_result

    • Value: Failed to get Group information for {{ CTX.group_id }}.

Add a Message for Dynamic Groups

  1. Click the Dynamic Group transition on check_group_type

  2. Add a Data Alias:

    • Key: group_result

    • Value: The Group {{ CTX.group.displayName | d }} is a Dynamic Group and can not be directly modified. You will need to edit its Membership Rules to modify this.

Add a Finish to the Workflow

  1. Add a noop towards the bottom of the workflow.

  2. Click the newly added noop.

  3. Rename the noop "finish".

  4. Set the Task Transition Criteria Sensitivity to 1 under Advanced.

  5. Connect the transitions from graph_add_group_member, graph_remove_group_member, exo_add_group_member, and exo_remove_group_member to the finish noop.

Step 8: Test it

Try it for yourself

  1. Choose a User.

  2. Click Add or Remove.

  3. Select a Group.

  4. Check the results of the workflow to see which action is executed.

Conclusion

Rewst 105 equips you with the knowledge and skills to manage groups effectively in Rewst. By understanding the nuances of different group types and employing the appropriate APIs, you can efficiently handle group operations within your applications.


Additional Resources

For more information on Microsoft Exchange PowerShell Commandlets, check out their documentation:

Need more guidance?

Sign up for our LIVE training sessions below!

Last updated