105 - Improve Group Management to Support Exchange
Introduction
Hello and welcome to Rewst 105, where we focus on managing groups using Microsoft's APIs. We'll learn how to tell the different types of groups apart and determine whether each is managed using Microsoft Graph or Microsoft Exchange Online. Additionally, we'll explore how to implement feedback messages and handle errors effectively within our workflow.
We'll start by retrieving the group object using the group ID. This action is performed using the Microsoft Graph API.
Step 1: Getting the Properties of a Group
⚠️ These steps assume you have completed the full steps from Rewst 104. You can find the instructions to make this form on the Rewst 104 Page.
Add a Get Group Action
Open the Add or Remove from AzureAD Group workflow.
Add a Get Group action from the Microsoft Graph category.
Move the Get Group action to the top of the workflow.
Rename the Get Group action to "get_group".
Set Group ID to {{ CTX.group_id }} under Parameters.
Click the On Success transition of Get Group.
Create a Data Alias:
Key: group
Value: {{RESULT.result.data.value}}
Part 2: Determine Group Type
Next, we'll use conditional logic to determine the group type based on the group object properties. Depending on the type, the workflow branches out to the corresponding actions.
Step 2: Differentiating Group Types
Create a Fork in the Workflow
Add a noop below the get_group action to create a new fork in the workflow.
Connect the On Success transition from get_group to the new noop.
Click the noop.
Rename the noop "check_group_type".
Click Advanced.
Set the Transition Mode to Follow First.
Identify Dynamic Membership Groups
Click the On Success transition on check_group_type.
Add "Dynamic Group" as the Custom Label.
Set the Custom Condition as {{ "DynamicMembership" in CTX.group.groupTypes }}.
Identify Unified and non-Mail Enabled Groups
Add another transition labeled "Graph" for check_group_type.
Set the Custom Condition as {{ "Unified" in CTX.group.groupTypes or not CTX.group.mailEnabled }}.
Connect the Graph transition to the add_or_remove noop.
Add a Transition for Exchange Online Managed Groups
Add another transition labeled Exchange Online for check_group_type.
Copy add_or_remove.
Rename the copy to "add_or_remove_exo".
Move add_or_remove_exo below and to the right of check_group_type.
Connect the Exchange Online transition from check_group_type to add_or_remove_exo.
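The routing that check_group_type performs, modeled in Python as an added example (this is not Rewst's own code). The sample group objects are constructed, and treating the Exchange Online transition as an unconditional fall-through is an assumption, since the page sets no Custom Condition on it.

```python
# Added example: a Python model of the check_group_type transitions.
# Order matters: "Follow First" takes only the first condition that is true.
TRANSITIONS = [
    ("Dynamic Group", lambda g: "DynamicMembership" in g["groupTypes"]),
    ("Graph", lambda g: "Unified" in g["groupTypes"] or not g["mailEnabled"]),
    # Assumption: the Exchange Online transition has no custom condition,
    # so it acts as the fall-through for everything left over.
    ("Exchange Online", lambda g: True),
]


def route(group):
    """Label of the transition Follow First would take for this group."""
    for label, condition in TRANSITIONS:
        if condition(group):
            return label
    return None


def all_matches(group):
    """Labels of every transition whose condition is true (no Follow First)."""
    return [label for label, condition in TRANSITIONS if condition(group)]


# Constructed sample objects using the Graph group properties the page reads
# (groupTypes, mailEnabled); the dictionary keys are descriptive labels only.
SAMPLE_GROUPS = {
    "Microsoft 365 group": {"groupTypes": ["Unified"], "mailEnabled": True},
    "Security group": {"groupTypes": [], "mailEnabled": False},
    "Distribution list": {"groupTypes": [], "mailEnabled": True},
    "Mail-enabled security group": {"groupTypes": [], "mailEnabled": True},
    "Dynamic Microsoft 365 group": {
        "groupTypes": ["Unified", "DynamicMembership"], "mailEnabled": True},
    "Dynamic security group": {
        "groupTypes": ["DynamicMembership"], "mailEnabled": False},
}

if __name__ == "__main__":
    for name, group in SAMPLE_GROUPS.items():
        print(f"{name:30} -> {route(group):16} (all true: {all_matches(group)})")
```

A dynamic group satisfies the Graph condition as well, so it is the Follow First mode together with the Dynamic Group transition being evaluated first that keeps the workflow from attempting a membership change on it.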
Part 3: Add or Remove Users
For Unified and Security Groups managed by Microsoft Graph or Distribution Groups managed by Exchange Online, we'll implement actions to add or remove users based on the group type.
Step 3: Implementing Add Using Microsoft Exchange Online
Implement Add-DistributionGroupMember
Add an InvokeCommand action from the Microsoft Exchange category.
Move the InvokeCommand action under the Add transition of add_or_remove_exo.
Connect the Add transition to the InvokeCommand action.
Click the InvokeCommand action.
Rename the action "exo_add_group_member".
Enter Add-DistributionGroupMember for Cmdlet Name.
Add the parameters:
Member: {{ CTX.user_id }}
Identity: {{ CTX.group_id }}
BypassSecurityGroupManagerCheck: {{ true }}
Step 4: Implementing Remove Using Microsoft Exchange Online
Implement Remove-DistributionGroupMember
Copy exo_add_group_member.
Click the copied exo_add_group_member.
Rename the action "exo_remove_group_member".
Move exo_remove_group_member under the Remove transition of add_or_remove_exo.
Connect the Remove transition to the exo_remove_group_member action.
Enter Remove-DistributionGroupMember for Cmdlet Name.
Check the parameters are set:
Member: {{ CTX.user_id }}
Identity: {{ CTX.group_id }}
BypassSecurityGroupManagerCheck: {{ true }}
Part 4: Handle Errors and Provide Feedback
Next, we'll incorporate error-handling mechanisms by providing feedback messages for successful or failed actions. This ensures a seamless user experience and clear communication in case of issues.
Step 5: Configure Workflow Settings
Output Variable Setup
Click Configure Workflow Settings (Pencil icon)
Add an Output Configuration variable:
Field Name: group_result
Value: {{ CTX.group_result }}
Click Submit.
Click Configure Workflow Settings to exit.
Step 6: Implementing Feedback Messages to Microsoft Graph Actions
Add On Success and On Failure Messages to _microsoft_graph_add_group_member_
Click the On Success transition for microsoft_graph_add_group_member.
Create a Data Alias:
Key: group_result
Value: User was added to MS Graph Group {{ CTX.group.displayName | d }}.
Add a new transition.
Click the new transition.
Click On Failure under Condition.
Add a Data Alias:
Key: group_result
Value: Failed adding the user to Graph Group {{ CTX.group.displayName | d }}.
Add On Success and On Failure Messages to _microsoft_graph_remove_group_member_
Click the On Success transition for microsoft_graph_remove_group_member.
Create a Data Alias:
Key: group_result
Value: User was removed from MS Graph Group {{ CTX.group.displayName | d }}.
Add a new transition.
Click the new transition.
Click On Failure under Condition.
Add a Data Alias:
Key: group_result
Value: Failed removing the user from Graph Group {{ CTX.group.displayName | d }}.
Step 7: Implementing Feedback Messages to Exchange Online Actions
Add On Success and On Failure Messages to _exo_add_group_member_
Click the On Success transition for exo_add_group_member.
Add a Data Alias:
Key: group_result
Value: User was added to Exchange Group {{ CTX.group.displayName | d }}.
Add a new transition.
Click the new transition.
Click On Failure under Condition.
Add a Data Alias:
Key: group_result
Value: Failed adding the user to Exchange Group {{ CTX.group.displayName | d }}.
Add On Success and On Failure Messages to _exo_remove_group_member_
Click the On Success transition for exo_remove_group_member.
Add a Data Alias:
Key: group_result
Value: User was removed from Exchange Group {{ CTX.group.displayName | d }}.
Add a new transition.
Click the new transition.
Click On Failure under Condition.
Create a Data Alias:
Key: group_result
Value: Failed removing the user from Exchange Group {{ CTX.group.displayName | d }}.
Part 5: Workflow Completion and Success
Finally, we'll set up the workflow completion criteria, ensuring that the workflow is considered successful if at least one parent task succeeds.
Step 8: Finishing Touches
Add an On Failure Message for get_group
Create a new transition for get_group.
Click the new transition.
Click On Failure under Condition.
Add a Data Alias:
Key: group_result
Value: Failed to get Group information for {{ CTX.group_id }}.
Add a Message for Dynamic Groups
Click the Dynamic Group transition on check_group_type.
Add a Data Alias:
Key: group_result
Value: The Group {{ CTX.group.displayName | d }} is a Dynamic Group and cannot be directly modified. You will need to edit its Membership Rules to modify this.
Add a Finish to the Workflow
Add a noop towards the bottom of the workflow.
Click the newly added noop.
Rename the noop "finish".
Set the Task Transition Criteria Sensitivity to 1 under Advanced.
Connect the transitions from graph_add_group_member, graph_remove_group_member, exo_add_group_member, and exo_remove_group_member to the finish noop.
Step 9: Test it
Try it for yourself
Choose a User.
Click Add or Remove.
Select a Group.
Check the results of the workflow to see which action is executed.
Conclusion
Rewst 105 equips you with the knowledge and skills to manage groups effectively in Rewst. By understanding the nuances of different group types and employing the appropriate APIs, you can efficiently handle group operations within your applications.
Additional Resources
For more information on Microsoft Exchange PowerShell cmdlets, check out their documentation: