In earlier posts I explained how to create an HTTP-triggered PowerShell Azure Function. What can we do with it now? One use case is creating users in Azure AD from a SharePoint list. We need a SharePoint list with a couple of fields, the Azure Function that does the work, and a Flow that connects the two. Here is how we will build it.
You can either click through the UI until you have a list with these fields (internal name: field type):
UPN: Text
UserManager: User
Department: Choice
GivenName: Text
SurName: Text
Jobtitle: Choice
UsageLocation: Choice
License: Choice
MailAddress: Text
Or, quicker, we can use SharePoint PnP PowerShell:
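The following PnP script is an added example, not the post's own code. It creates the list and every field from the table above; the site URL, the list title "New Users" and the choice values are assumptions you replace with your own.

```powershell
# Added example: build the list with SharePointPnPPowerShellOnline.
# Assumed: site URL, list title and the choice values below are placeholders for your tenant.
Connect-PnPOnline -Url 'https://contoso.sharepoint.com/sites/hr' -Credentials (Get-Credential)

$listTitle = 'New Users'
New-PnPList -Title $listTitle -Template GenericList -OnQuickLaunch | Out-Null

# Plain text fields
foreach ($name in 'UPN', 'GivenName', 'SurName', 'MailAddress') {
    Add-PnPField -List $listTitle -DisplayName $name -InternalName $name -Type Text -AddToDefaultView | Out-Null
}

# Person field for the manager
Add-PnPField -List $listTitle -DisplayName 'Manager' -InternalName 'UserManager' -Type User -AddToDefaultView | Out-Null

# Choice fields. Keeping these as choices (not free text) is what stops a list editor from
# injecting arbitrary values into Azure AD attributes or the license assignment later on.
$choices = @{
    Department    = 'Finance', 'HR', 'IT'                 # assumed values
    Jobtitle      = 'Analyst', 'Engineer', 'Manager'      # assumed values
    UsageLocation = 'DE', 'US', 'GB'                      # ISO 3166-1 alpha-2; required before a license can be assigned
    License       = 'ENTERPRISEPACK', 'STANDARDPACK'      # the part after "TENANTNAME:" in Get-MsolAccountSku
}
foreach ($f in $choices.GetEnumerator()) {
    Add-PnPField -List $listTitle -DisplayName $f.Key -InternalName $f.Key -Type Choice -Choices $f.Value -AddToDefaultView | Out-Null
}
```

Keep in mind that every item added to this list will become an Azure AD account once the Flow is in place, so restrict who can contribute to the list to the people who are allowed to create users.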
Now that we have a list, we can put in some entries. You don't need to do that yet; we'll enter some people later on. Next we create a Flow that can trigger our Azure Function:
Click on "Platform features" and select "API definition"
On the next screen click on "Generate API definition template":
Azure will create the definition, as can be seen here:
Click on "Save" and then on "Export to PowerApps + Flow":
Configure the custom API:
After that we can get back to the good stuff: PowerShell. The header of the function looks like this:
The Flow provides us with an item ID ($itemID), the site URL ($url) and the list title ($listTitle). We need them to fetch the item from the list and read the user's data from it. Treat these values as untrusted input: cast the item ID to an integer and validate the fields you read before they end up in Azure AD.
In this next part we define a lot of things:
$FunctionName: the name you gave the function; in this example it is "AddAzureADUser"
Define modules: we need three modules (SharePointPnPPowerShellOnline, AzureAD, MSOnline); change the version numbers to the versions you uploaded
Define username and password: in this example they are stored as environment variables (app settings) of the Azure Function. Give this account only the roles it needs (user and license administration, SharePoint administration) and prefer a Key Vault reference over a plain app setting for the password
Import the PowerShell modules: the modules are stored in "bin", see this blog post
Build credentials: from the stored information we create the credential object
Tenant ID: you will have to provide your tenant ID
Connect via MSOL Service
Connect via PnP Online
Connect via Azure AD
During this part we create a password profile so that the user has to change the password at the first login. Generate the initial password randomly rather than hard-coding one; it still travels to the user through whatever onboarding process you have, so it should be unique per account.
If a MailAddress is defined, we split it at the "@" and use the part before it as the MailNickName.
And lastly we create the user.
If the user has an e-mail address in the list, we store the e-mail address in Azure AD and in the SharePoint User Profile Service.
With the user created, we can also set some information for that person.
In this part we set the department, the given name, the surname, the job title and the usage location. The usage location is mandatory: without it, assigning a license fails. We do this for both Azure AD and the SharePoint User Profile Service.
Finally we assign the license. It is important that you replace "TENANTNAME:" with your own tenant name; it is the prefix of the AccountSkuId values returned by Get-MsolAccountSku.
Here are the final scripts:
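The post's own scripts did not survive on this page. As an added example, not the author's code, here is a complete run.ps1 covering the whole procedure described above: the header that reads what Flow sends, the module imports and connections, the password profile, user creation, the attribute and profile updates, and the license assignment. It assumes the Azure Functions v1 PowerShell model (where $req and $res are file paths), a JSON body with the properties itemID, url and listTitle, app settings named AdminUser, AdminPassword, TenantId and AdminSiteUrl, and the module folder layout given in the comment; the module versions and the "TENANTNAME:" prefix are placeholders.

```powershell
# run.ps1 of the HTTP-triggered function "AddAzureADUser" (Azure Functions v1 experimental PowerShell).
# Added example, not the original post's script. Assumed: Flow posts {"itemID","url","listTitle"},
# app settings AdminUser/AdminPassword/TenantId/AdminSiteUrl exist, modules live under bin\<name>\<version>.
$ErrorActionPreference = 'Stop'

# ---- header: read what Flow sends ($req is the path to the request body file in the v1 model) ----
$body      = Get-Content $req -Raw | ConvertFrom-Json
$itemID    = [int]$body.itemID           # the cast rejects anything that is not a list item ID
$url       = [string]$body.url
$listTitle = [string]$body.listTitle

# ---- definitions ----
$FunctionName = 'AddAzureADUser'
$modules = @(                            # replace the versions with the ones you uploaded to "bin"
    @{ Name = 'SharePointPnPPowerShellOnline'; Version = '2.20.1711.0' }
    @{ Name = 'AzureAD';                       Version = '2.0.0.131' }
    @{ Name = 'MSOnline';                      Version = '1.1.166.0' }
)
foreach ($m in $modules) {               # assumed layout: <function>\bin\<module>\<version>\<module>.psd1
    Import-Module "$env:HOME\site\wwwroot\$FunctionName\bin\$($m.Name)\$($m.Version)\$($m.Name).psd1" -Global
}
$username = $env:AdminUser               # app settings; a Key Vault reference is the better home for the password
$password = ConvertTo-SecureString $env:AdminPassword -AsPlainText -Force
$cred     = New-Object System.Management.Automation.PSCredential ($username, $password)
$tenantId = $env:TenantId

Connect-MsolService -Credential $cred
Connect-PnPOnline   -Url $url -Credentials $cred
Connect-AzureAD     -TenantId $tenantId -Credential $cred | Out-Null
# user profile properties are written through the tenant admin site, so keep a second connection for that
$adminConn = Connect-PnPOnline -Url $env:AdminSiteUrl -Credentials $cred -ReturnConnection

# ---- read the list item ----
$item          = Get-PnPListItem -List $listTitle -Id $itemID
$upn           = [string]$item['UPN']
$givenName     = [string]$item['GivenName']
$surName       = [string]$item['SurName']
$department    = [string]$item['Department']
$jobTitle      = [string]$item['Jobtitle']
$usageLocation = [string]$item['UsageLocation']
$license       = [string]$item['License']
$mail          = [string]$item['MailAddress']
if ($upn -notmatch '^[^@\s]+@[^@\s]+$') { throw "Item $itemID has no valid UPN" }
if ($usageLocation -notmatch '^[A-Z]{2}$') { throw "Item $itemID has no usage location; license assignment would fail" }

# ---- password profile: random initial password that must be changed at first login ----
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$bytes = New-Object byte[] 24
$rng.GetBytes($bytes)
$passwordProfile = New-Object Microsoft.Open.AzureAD.Model.PasswordProfile
$passwordProfile.Password = [Convert]::ToBase64String($bytes) + '!'   # 33 chars, upper/lower/digit/symbol
$passwordProfile.ForceChangePasswordNextLogin = $true

# MailNickName: the part before "@" of the mail address, falling back to the UPN prefix
$mailNickName = if ($mail) { $mail.Split('@')[0] } else { $upn.Split('@')[0] }

# ---- create the user; the usage location is set here because the license needs it ----
$newUser = New-AzureADUser -UserPrincipalName $upn -DisplayName "$givenName $surName" `
    -MailNickName $mailNickName -PasswordProfile $passwordProfile -AccountEnabled $true `
    -GivenName $givenName -Surname $surName -JobTitle $jobTitle -Department $department `
    -UsageLocation $usageLocation

# ---- mirror the attributes into Azure AD (mail) and the SharePoint User Profile Service ----
$profileProps = @{ FirstName = $givenName; LastName = $surName; Department = $department; Title = $jobTitle }
if ($mail) {
    Set-AzureADUser -ObjectId $newUser.ObjectId -OtherMails @($mail)   # the Mail attribute itself is owned by Exchange
    $profileProps['WorkEmail'] = $mail
}
foreach ($p in $profileProps.GetEnumerator()) {
    if ($p.Value) { Set-PnPUserProfileProperty -Account $upn -PropertyName $p.Key -Value $p.Value -Connection $adminConn }
}

# ---- license: AccountSkuId looks like "TENANTNAME:ENTERPRISEPACK"; verify the SKU before assigning ----
$skuId = "TENANTNAME:$license"
if (-not (Get-MsolAccountSku | Where-Object { $_.AccountSkuId -eq $skuId })) { throw "Unknown SKU $skuId" }
$tries = 0                               # the new object can take a moment to become visible to MSOnline
while (-not (Get-MsolUser -UserPrincipalName $upn -ErrorAction SilentlyContinue) -and $tries++ -lt 6) {
    Start-Sleep -Seconds 5
}
Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses $skuId

# reply to Flow ($res is the path of the response body file in the v1 model)
Out-File -Encoding Ascii -FilePath $res -InputObject (ConvertTo-Json @{ status = 'created'; upn = $upn })
```

Two design points: the function fails closed (a missing UPN, a missing usage location or an unknown SKU throws before anything is created, so a half-configured account is not left behind), and every value that reaches Azure AD comes from a typed list column, with the free-text UPN and mail fields checked before use. The function key that the exported custom API embeds in Flow is a credential in its own right; anyone holding it can call this function with an arbitrary site URL and item ID, so rotate it like any other secret.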