🙏 Entra.Groups | Add Parameters to Various Functions that Resolve Identities
Describe the feature
Make it so that you can pass more user-friendly values to the following commands (ideally doing this with any other commands I might've missed here as well)
- Add-EntraGroupMember.ps1
- Add-EntraGroupOwner.ps1
- Remove-EntraGroupMember.ps1
- Remove-EntraGroupOwner.ps1
How will this feature enhance your project and further the project’s overall goals? Who will benefit from this feature (i.e. all users; the project team)?
- This is a very missed feature from the AzureAD module. Currently it's fairly easy to make wrapper functions that accomplish this request; however, I feel like that only adds to the overall clutter/confusion, especially for less technical users.
Describe alternatives you've considered
- Wrapper functions
If I load up a completely fresh PowerShell session, install the Entra module, blah blah, and then want to quickly add someone to a group in a more human way, there's a LOT of additional work involved compared to how it was with the AzureAD module. Currently the quickest way/simplest way I've done it without a wrapper function is below; you can see how even from a glance this is not the most ideal situation.

```powershell
Add-EntraGroupMember -GroupId (Get-EntraGroup -Filter "displayName eq '$($GroupName)'").Id -MemberId (Get-EntraUser -Filter "UserPrincipalName eq '$($UserUPN)'").Id
```
Additional context
- To avoid messing too much with the existing code, I feel like this could be fairly easily added by adding additional sets of parameters.
- For example, in `Add-EntraGroupMember`, something like adding a parameter like `-GroupName`
- Resolving that group via searching for it by name and doing something along the lines of: `$GroupId = (Get-EntraGroup -Filter "DisplayName eq '$GroupName'").Id`
That approach is not going to work. Group name is not unique.
Can you give a specific example (show code) of what you used to do with the AzureAD module that you want to reproduce with the Entra module?
You guys don't know how excited I was to see a notification in my GitHub lol, this is my first time actually trying to submit an issue to a public repo so please forgive me if my markdown formatting sucks.
> That approach is not going to work. Group name is not unique.
@alexandair, I completely understand, however wouldn't this be fairly simple to work around for the vast majority of runs? For example:
- The way this is handled by the Exchange module is that if multiple results are found when querying, it will not go through with adding a member and instead throw an error asking for more information. In that scenario if we have two distribution lists with the name "Users Group", you can run `Add-DistributionGroupMember -Identity "Users Group" -Member user.name` and it will throw an error informing the user of the name conflict.
- I believe the same was true for the AzureAD module but I just can't seem to find an archive of the actual Microsoft documentation
Haven't looked over the code for a few of these Entra commands since I created this issue but I think the main obstacle with implementing this would be the fact that the various functions are currently not resolving the target object AND/OR the member object before attempting to add the members due to the way the API works. My suggestion is basically to at least add parameters that might be slightly slower in exchange for more convenient terminal usage
> Can you give a specific example (show code) of what you used to do with the AzureAD module that you want to reproduce with the Entra module?
@SamErde, forgive me if I'm misremembering or if my PSReadLine has a few cached error runs but I believe you used to be able to run the following commands:
- `Add-AzureADGroupMember -Identity <GUID, UPN, DisplayName, Name, SamAccountName, DistinguishedName, etc> -Member <GUID, UPN, DisplayName, Name, SamAccountName, DistinguishedName, etc>`
- `Remove-AzureADGroupMember -Identity <GUID, UPN, DisplayName, Name, SamAccountName, DistinguishedName, etc> -Member <GUID, UPN, DisplayName, Name, SamAccountName, DistinguishedName, etc>`
- `Get-AzureADGroup -Identity <GUID, UPN, DisplayName, Name, SamAccountName, DistinguishedName, etc>`
- `Get-AzureADGroupMember -Identity <GUID, UPN, DisplayName, Name, SamAccountName, DistinguishedName, etc>`
- And so many more functions that I'm probably missing where the functions would try and resolve the target identities, presumably at the cost of a slight performance hit since they were effectively doing 3 actions (querying user & group, sending request to add user to the group)
Graph PowerShell example
* `Get-MgGroup` InputObject as a parameter - https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.groups/get-mggroup?view=graph-powershell-1.0#getviaidentity
@KenitoInc, I never understood that parameter until I saw the notes because of this reply, thank you!
> Graph PowerShell example
> * `Get-MgGroup` InputObject as a parameter - https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.groups/get-mggroup?view=graph-powershell-1.0#getviaidentity
One thing however though... without looking into the code for Get-MgGroup, I'm not sure how much of an improvement -InputObject being added to the Entra commands would be compared to the current situation as far as the Entra module's commands go?
To my understanding, a fair amount (if not most) of the Entra commands already allow for some under the hood resolving for uniquely identifying parameters like UPN, GUID, etc. Whereas my primary request here is basically wanting some more traditional Microsoft PoSH module -Identity & -Member properties that will throw a halting error if multiple results are found to avoid accidental modifications, likely at the cost of some additional queries.
My apologies if I misunderstood your reply!
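
The resolve-then-halt behaviour discussed in this thread, sketched as an added example; it is not code from any participant or from the Entra module. The function names `Resolve-SingleEntraId` and `Add-EntraGroupMemberByName` are hypothetical, and the sketch assumes only the `Get-EntraGroup`, `Get-EntraUser` and `Add-EntraGroupMember` calls shown earlier in the issue.

```powershell
# Added example; both function names are hypothetical, not part of the Entra module.
function Resolve-SingleEntraId {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][ValidateSet('Group', 'User')][string]$Kind,
        [Parameter(Mandatory)][string]$Value
    )

    # A GUID is already unique, so no directory lookup is needed.
    $guid = [guid]::Empty
    if ([guid]::TryParse($Value, [ref]$guid)) { return $guid.ToString() }

    # OData string literals escape a single quote by doubling it. Without this,
    # a name such as "Finance 'Ops'" breaks the filter or changes its meaning.
    $escaped = $Value.Replace("'", "''")

    $found = @(
        if ($Kind -eq 'Group') {
            Get-EntraGroup -Filter "displayName eq '$escaped'" -ErrorAction Stop
        } else {
            Get-EntraUser -Filter "UserPrincipalName eq '$escaped'" -ErrorAction Stop
        }
    )

    # Exactly one match or nothing happens: never pick the "first" result.
    if ($found.Count -eq 0) {
        throw "No $Kind matches '$Value'."
    }
    if ($found.Count -gt 1) {
        $ids = ($found | ForEach-Object { $_.Id }) -join ', '
        throw "$Kind name '$Value' is ambiguous ($($found.Count) matches: $ids). Pass the object ID instead."
    }
    return $found[0].Id
}

function Add-EntraGroupMemberByName {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Group,
        [Parameter(Mandatory)][string]$Member
    )
    # Resolve both sides first so a failed lookup aborts before any write.
    $groupId  = Resolve-SingleEntraId -Kind Group -Value $Group
    $memberId = Resolve-SingleEntraId -Kind User  -Value $Member

    if ($PSCmdlet.ShouldProcess("group $groupId", "add member $memberId")) {
        Add-EntraGroupMember -GroupId $groupId -MemberId $memberId
    }
}
```

Running `Add-EntraGroupMemberByName` with `-WhatIf` prints the resolved object IDs without changing membership, which lets an operator confirm the target group before the write.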