This script will sync an AD Group with a Microsoft Team.
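##This script will sync an AD Group with a Microsoft Team. (Tested on Windows Server 2019)
##This script should be run in a user context that has read access to a Windows Active Directory domain.
##To make it easier I have it run every 30 minutes starting about 5 minutes after an expected ADSync.
##This works with Microsoft Business Basic subscriptions. P1 licensing is not required.
##MSTeams Powershell Module: https://docs.microsoft.com/en-us/microsoftteams/teams-powershell-overview
##AADSync: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-whatis
##
##Credentials: the Teams administrator password is NOT kept in this file. Create the credential file once,
##while logged on as the account the scheduled task runs under:
##    Get-Credential | Export-Clixml -Path <Path To Exported Credential File Here>
##Export-Clixml protects the password with DPAPI, so only that same user on that same machine can read it
##back; still restrict the file's NTFS permissions to that account. Keep the admin account scoped to Teams
##administration only, since this script can add and remove members of every team it can see.
##NOTE(review): Connect-MicrosoftTeams -Credential is a username/password sign-in; an account that is
##required to use MFA will need a different sign-in method (see the Teams module docs) - confirm for your tenant.

$ErrorActionPreference = 'Stop';#Every cmdlet error becomes an exception so the per-team/per-user try/catch blocks see it.
$TeamPrefix = "MST-";#AD Group Prefix. This can be anything you want.
$CredentialPath = "<Path To Exported Credential File Here>";#File produced by Get-Credential | Export-Clixml (see header).

#######################################
# Looks up the AD group that backs a team and returns its recursive user members.
# Arguments: $GroupName - sAMAccountName of the AD group (Prefix + Team display name).
# Outputs:   the Get-ADUser objects for each member that is a user object; $null when the group does not exist.
# Throws:    any other AD error (callers treat that as "leave this team alone", never as "remove everybody").
#######################################
function Get-SyncGroupUsers {
    param([Parameter(Mandatory = $true)][string]$GroupName)
    try {
        $Group = Get-ADGroup -Identity $GroupName;
    } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        return $null;#No AD group was found for this team.
    }
    #-Recursive can also yield computers or contacts; only user objects have a UserPrincipalName that Teams can use.
    $Users = Get-ADGroupMember -Identity $Group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object { Get-ADUser -Identity $_.distinguishedName };
    return @($Users);
}

#######################################
# Reconciles the membership of one team with its AD group.
# Arguments: $Team - a Get-Team object (DisplayName, GroupId are read).
# Side effects: Add-TeamUser / Remove-TeamUser calls; progress lines on stdout, problems on the warning stream.
# Safety: no change is made when the group is missing, unreadable, or resolves to zero users - an empty
#         result is far more likely an AD/replication problem than a deliberately emptied group.
#######################################
function Sync-TeamMembership {
    param([Parameter(Mandatory = $true)]$Team)
    $TeamName = $Team.DisplayName;#Display Name of Team.
    $GroupId = $Team.GroupId;#Group ID of Team.
    $ADTeamName = $TeamPrefix + $TeamName;#Example: AD group "MST-Marketing" is synced with the team "Marketing".

    $ADUsers = Get-SyncGroupUsers -GroupName $ADTeamName;
    if ($null -eq $ADUsers) {
        Write-Output ("Sync Group for " + $TeamName + " not found.");#No AD group was found. No syncing will take place for this team.
        return;
    }
    if ($ADUsers.Count -eq 0) {
        Write-Warning ("Sync Group " + $ADTeamName + " has no user members; skipping " + $TeamName + " rather than emptying it.");
        return;
    }

    #All group UPNs decide who may stay; only enabled accounts are ever added.
    $Users = @($ADUsers | ForEach-Object { $_.UserPrincipalName } | Where-Object { $_ } | Select-Object -Unique);
    $EnabledUsers = @($ADUsers | Where-Object { $_.Enabled } | ForEach-Object { $_.UserPrincipalName } | Where-Object { $_ } | Select-Object -Unique);
    $Members = @(Get-TeamUser -GroupId $GroupId | ForEach-Object { $_.User });#Current team members; normally the UserPrincipalName.

    foreach ($User in $EnabledUsers) {
        if ($User -notin $Members) {
            try {
                Add-TeamUser -GroupId $GroupId -User $User;
                Write-Output ($User + " has been added to the " + $TeamName + " Team.");
            } catch {
                #One unlicensed or unsynced account must not abort the rest of the team.
                Write-Warning ("Could not add " + $User + " to " + $TeamName + ": " + $_);
            }
        }
    }
    foreach ($Member in $Members) {
        if ($Member -notin $Users) {
            try {
                Remove-TeamUser -GroupId $GroupId -User $Member;
                Write-Output ($Member + " has been removed from the " + $TeamName + " Team.");
            } catch {
                #Removing the last owner is rejected by Teams; report and carry on.
                Write-Warning ("Could not remove " + $Member + " from " + $TeamName + ": " + $_);
            }
        }
    }
}

$LiveCred = Import-Clixml -Path $CredentialPath;#PSCredential written by Export-Clixml; decryptable only by the creating user on this machine.
Connect-MicrosoftTeams -Credential $LiveCred | Out-Null;#Establishes Connection to Microsoft Teams. Must Have Teams Powershell Module Installed.
foreach ($Team in Get-Team) {#Goes through each Team.
    try {
        Sync-TeamMembership -Team $Team;
    } catch {
        #An AD or Teams failure for one team is logged and the loop continues with the next team.
        Write-Warning ("Sync failed for " + $Team.DisplayName + ": " + $_);
    }
}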