Replace Microsoft Group membership
# This script replaces the membership of one user with another for a given list of Microsoft 365 Groups
# The input file should contain the IDs of the Microsoft 365 Groups / Teams
## id
## b48b89cf-35be-441c-b290-853318dce42a
## b48b89cf-35be-441c-b290-853318dce42d
## babd731a-85e7-48e8-89c6-f96e565ee68c
## 3ebd3caf-efdd-4958-bbbf-1dd43e8c1493
## bd341f68-4f98-41e9-901a-d5a14dff49c8
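# Script parameters: path of the CSV holding the group IDs, and the UPNs of the
# account being replaced and of the account taking over its group roles.
$fileInput = "<PUTYOURPATHHERE.csv>"
$oldUser = "upnOfOldUser"
$newUser = "upnOfNewUser"
# Parameters end

# Sign in only when the CLI reports no active session.
$m365Status = m365 status
# -match rather than -eq: the script switches the CLI output to JSON below, and that
# setting presumably persists between runs, so a later run may see the status wrapped
# in JSON quoting. A substring match recognises "Logged Out" in either form.
if ($m365Status -match "Logged Out") {
    # Connection to Microsoft 365
    m365 login
}

# Configure the CLI to output JSON on each execution, to send errors to stdout so that
# Get-CLIValue can see them in the pipeline, and to keep help text out of the output.
# NOTE(review): these are CLI configuration changes, not per-invocation flags; other
# scripts using the same CLI profile will see them too - confirm that is acceptable.
m365 cli config set --key output --value json
m365 cli config set --key errorOutput --value stdout
m365 cli config set --key showHelpOnFailure --value false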
# Get-CLIValue
# Purpose: turn the raw output of an m365 CLI call into either a parsed object or a
# thrown error, so callers can use try/catch around CLI invocations.
# Parameters:
#   input           - CLI output received from the pipeline.
#   convertFromJson - when true (the default) the output is first parsed as JSON.
# Returns: the object produced by ConvertFrom-Json when parsing succeeds, otherwise
#          the input unchanged.
# Throws:  the CLI message (without the "Error: " prefix) when the output starts
#          with "Error:".
# NOTE(review): the parameter shares its name with PowerShell's automatic $input
# variable; how multi-line CLI output reaches this function may depend on that, so
# confirm the behaviour before renaming it.
function Get-CLIValue {
[cmdletbinding()]
param(
[parameter(Mandatory = $true, ValueFromPipeline = $true)]
$input,
[parameter(Mandatory = $false)]
$convertFromJson = $true
)
if ($convertFromJson) {
try {
# A successful parse returns immediately, so the "Error:" check below is only
# reached for output that is not valid JSON.
return $input | ConvertFrom-Json
}
catch {
# Deliberately empty: output that is not JSON falls through to the text checks.
}
}
# The script sets errorOutput to stdout, so CLI failures arrive here as plain text.
if ($input.StartsWith("Error:")) {
$errorMessage = $input.Replace("Error: ", "")
throw $errorMessage
}
return $input
}
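function Replace-Membership {
    <#
    .SYNOPSIS
    Replaces one user with another in every Microsoft 365 Group listed in a CSV file.

    .DESCRIPTION
    For each group id in the CSV, looks up the group and its users. Where $oldUser is
    found, $newUser is granted the same role (member and/or owner) and $oldUser is then
    removed. Progress and errors are written to the host; a failure in one group does
    not stop the remaining groups from being processed.

    .PARAMETER fileInput
    Path of a CSV file with an "id" column holding the group ids (GUIDs).

    .PARAMETER oldUser
    UPN of the account whose memberships are being replaced.

    .PARAMETER newUser
    UPN of the account that receives the memberships.
    #>
    [cmdletbinding()]
    param(
        [parameter(Mandatory = $true)]
        $fileInput ,
        [parameter(Mandatory = $true)]
        $oldUser,
        [parameter(Mandatory = $true)]
        $newUser
    )

    $groupsToProcess = Import-Csv $fileInput

    $groupsToProcess.id | ForEach-Object {
        $groupId = $_

        # The id comes from a file and is passed to the CLI as an argument. Accept only
        # well-formed GUIDs so an empty or malformed cell is never handed to m365.
        $parsedId = [guid]::Empty
        if (-not [guid]::TryParse([string]$groupId, [ref]$parsedId)) {
            Write-Host "Skipping invalid group id ($groupId)" -ForegroundColor Red
            return
        }

        Write-Host "Processing Group ($groupId)" -ForegroundColor DarkGray -NoNewline
        $group = $null
        try {
            $group = m365 aad o365group get --id $groupId | Get-CLIValue
        }
        catch {
            Write-Host
            Write-Host $_.Exception.Message -ForegroundColor Red
            # 'return' inside ForEach-Object ends this item and moves on to the next id.
            return
        }
        Write-Host " - $($group.displayName)" -ForegroundColor DarkGray

        # Wrapping in @() keeps this safe when resourceProvisioningOptions is missing;
        # -ccontains keeps the comparison case-sensitive.
        $isTeam = @($group.resourceProvisioningOptions) -ccontains "Team"

        $users = $null
        try {
            $users = m365 aad o365group user list --groupId $groupId | Get-CLIValue
        }
        catch {
            # Same handling as the group lookup: report the error and skip this group
            # instead of letting it abort the whole run.
            Write-Host $_.Exception.Message -ForegroundColor Red
            return
        }

        $users | Where-Object { $_.userPrincipalName -eq $oldUser } | ForEach-Object {
            $user = $_
            $isMember = $user.userType -eq "Member"
            $isOwner = $user.userType -eq "Owner"
            $grantFailed = $false
            Write-Host "Found $oldUser with $($user.userType.tolower()) rights" -ForegroundColor Green

            # owners must be explicitly added as members if it is a team
            if ($isMember -or $isTeam) {
                try {
                    Write-Host "Granting $newUser member rights"
                    m365 aad o365group user add --groupId $groupId --userName $newUser | Get-CLIValue
                }
                catch {
                    $grantFailed = $true
                    Write-Host $_.Exception.Message -ForegroundColor White
                }
            }

            if ($isOwner) {
                try {
                    Write-Host "Granting $newUser owner rights"
                    m365 aad o365group user add --groupId $groupId --userName $newUser --role Owner | Get-CLIValue
                }
                catch {
                    $grantFailed = $true
                    Write-Host $_.Exception.Message -ForegroundColor White
                }
            }

            # The removal below runs even when a grant reported an error, as before
            # (presumably because the CLI also reports an error when $newUser already
            # holds the role - verify). Make that case visible, so the operator can
            # check the group was not left without its intended owner or member.
            if ($grantFailed) {
                Write-Warning "A grant for $newUser failed in group $groupId; $oldUser is removed anyway - verify the group's owners and members."
            }

            try {
                Write-Host "Removing $oldUser..."
                # NOTE(review): --confirm is passed with $false; confirm against the CLI
                # version in use that this suppresses the prompt as intended.
                m365 aad o365group user remove --groupId $groupId --userName $oldUser --confirm $false | Get-CLIValue
            }
            catch {
                Write-Host $_.Exception.Message -ForegroundColor Red
                # No 'continue' here: inside a ForEach-Object script block it is not
                # bound to a loop and would end the whole run, leaving the remaining
                # groups unprocessed. Falling out of the block moves to the next item.
            }
        }
    }
}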
# Run the replacement with the parameters defined at the top of the script.
Replace-Membership -fileInput $fileInput -oldUser $oldUser -newUser $newUser