new-rbac-groups.ps1
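<#
.SYNOPSIS
Creates the Azure AD security groups used for RBAC, skipping any that already exist.

.DESCRIPTION
Drives the Azure CLI (az). The script signs in when the CLI reports no accounts,
then, for each requested name, lists groups by display name and creates the group
only when no group with exactly that display name is returned.

Every az call is followed by an exit-code check: $ErrorActionPreference = "Stop"
does not by itself stop the script when a native command fails, and a silently
failed creation would leave later role assignments pointing at a missing group.

.PARAMETER RbacGroupNames
One or more display names of the Azure AD groups to create.
#>
[CmdletBinding()]
param
(
    [Parameter(
        Mandatory=$true,
        HelpMessage="Specify the Azure AD RBAC group names to create. For example: MyAppUsersGroup and MyAppAdministratorsGroup.")]
    [System.String[]]
    $RbacGroupNames
)

$ErrorActionPreference = "Stop"

# Turns the stdout lines of an az call into a flat list of objects.
# Empty output and an empty JSON array both yield no objects; the Where-Object
# filter drops the null/empty placeholder that ConvertFrom-Json can emit for "[]".
function ConvertFrom-AzJsonOutput
{
    param
    (
        [System.Object[]]
        $Lines
    )

    $text = ($Lines | Out-String).Trim()
    if ([string]::IsNullOrWhiteSpace($text))
    {
        return
    }

    $parsed = $text | ConvertFrom-Json
    $parsed | Where-Object { $_ }
}

# Ask for JSON explicitly so the checks below do not depend on the user's
# configured default output format. The previous test
# ($accounts -contains "az login") compared whole stdout lines for equality and
# so could not match a hint that is only part of a message.
$accountLines = az account list --output json
$accountListExitCode = $LASTEXITCODE
$accounts = @(ConvertFrom-AzJsonOutput $accountLines)

if ($accountListExitCode -ne 0 -or $accounts.Count -eq 0)
{
    Write-Host "Logging into Azure for the Azure CLI tooling."
    az login --allow-no-subscriptions
    if ($LASTEXITCODE -ne 0)
    {
        throw "az login failed with exit code $LASTEXITCODE."
    }
}
else
{
    Write-Host "Already logged into Azure CLI tooling."
}

foreach ($groupName in $RbacGroupNames)
{
    Write-Host "Checking if the Azure AD security group '$groupName' exists."
    $groupLines = az ad group list --display-name $groupName --output json
    if ($LASTEXITCODE -ne 0)
    {
        throw "Listing Azure AD groups for '$groupName' failed with exit code $LASTEXITCODE."
    }

    # --display-name also matches groups whose name merely starts with the value,
    # so require an exact display-name match before treating the group as present.
    # Otherwise 'MyApp' would be skipped because 'MyAppUsersGroup' exists.
    # (PowerShell's -eq on strings is case-insensitive.)
    $exactMatches = @(ConvertFrom-AzJsonOutput $groupLines | Where-Object { $_.displayName -eq $groupName })

    if ($exactMatches.Count -eq 0)
    {
        Write-Host "Group doesn't exist, creating it now."
        # NOTE(review): the display name is reused as the mail nickname; names with
        # spaces or other characters not allowed in a mail nickname will presumably
        # be rejected by the service. Confirm the naming rules for your tenant.
        $null = az ad group create --display-name $groupName --mail-nickname $groupName
        if ($LASTEXITCODE -ne 0)
        {
            throw "Creating Azure AD group '$groupName' failed with exit code $LASTEXITCODE."
        }
    }
    else
    {
        Write-Host "Group already exists, creation will be skipped."
    }
}

Write-Host "Group setup has completed."
Write-Host "ACTION REQUIRED: In Azure AD Groups, add at least one user to each of the role groups created."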