AADGroup - Added support for members and owners

CHANGELOG.md

@@ -4,6 +4,8 @@
 
 * AADGroup
   * Added support for Group Licensing by adding the AssignedLicenses property.
+  * Added support for members and owners.
+  FIXES [#1066](https://github.com/microsoft/Microsoft365DSC/issues/1066)
 * TeamsTenantDialPlan
   * Fixed an issue where the Normalization Rules strings were not properly exited.
     FIXES [#2096](https://github.com/microsoft/Microsoft365DSC/issues/2096)

Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1

@@ -16,6 +16,14 @@ function Get-TargetResource
         [System.String]
         $Id,
 
+        [Parameter()]
+        [System.String[]]
+        $Owners,
+
+        [Parameter()]
+        [System.String[]]
+        $Members,
+
         [Parameter()]
         [System.String]
         $Description,
@@ -137,17 +145,43 @@ function Get-TargetResource
         {
             Write-Verbose -Message "Found existing AzureAD Group"
 
+            # Owners
+            [Array]$owners = Get-MgGroupOwner -GroupId $Group.Id -All:$true
+            $OwnersValues = @()
+            foreach ($owner in $owners)
+            {
+                if ($owner.AdditionalProperties.userPrincipalName -ne $null)
+                {
+                    $OwnersValues += $owner.AdditionalProperties.userPrincipalName
+                }
+            }
+
+            # Members
+            [Array]$members = Get-MgGroupMember -GroupId $Group.Id -All:$true
+            $MembersValues = @()
+            foreach ($member in $members)
+            {
+                if ($member.AdditionalProperties.userPrincipalName -ne $null)
+                {
+                    $MembersValues += $member.AdditionalProperties.userPrincipalName
+                }
+            }
+
+            # Licenses
             $assignedLicensesRequest = Invoke-MgGraphRequest -Method 'GET' `
                 -Uri "https://graph.microsoft.com/v1.0/groups/$($Group.Id)/assignedLicenses"
 
             if ($assignedLicensesRequest.value.Length -gt 0)
             {
                 $assignedLicensesValues = Get-M365DSCAzureADGroupLicenses -AssignedLicenses $assignedLicensesRequest.value
+
             }
 
             $result = @{
                 DisplayName                   = $Group.DisplayName
                 Id                            = $Group.Id
+                Owners                        = $OwnersValues
+                Members                       = $MembersValues
                 Description                   = $Group.Description
                 GroupTypes                    = [System.String[]]$Group.GroupTypes
                 MembershipRule                = $Group.MembershipRule
@@ -208,6 +242,14 @@ function Set-TargetResource
         [System.String]
         $Id,
 
+        [Parameter()]
+        [System.String[]]
+        $Owners,
+
+        [Parameter()]
+        [System.String[]]
+        $Members,
+
         [Parameter()]
         [System.String]
         $Description,
@@ -294,6 +336,10 @@ function Set-TargetResource
     $currentParameters.Remove("ApplicationSecret") | Out-Null
     $currentParameters.Remove("Ensure") | Out-Null
     $currentParameters.Remove("Credential") | Out-Null
+    $backCurrentOwners = $currentGroup.Owners
+    $backCurrentMembers = $currentGroup.Members
+    $currentParameters.Remove("Owners") | Out-Null
+    $currentParameters.Remove("Members") | Out-Null
 
     if ($Ensure -eq 'Present' -and `
         ($null -ne $GroupTypes -and $GroupTypes.Contains("Unified")) -and `
@@ -401,6 +447,7 @@ function Set-TargetResource
                 Write-Verbose -Message "Cannot set IsAssignableToRole once group is created."
                 $currentParameters.Remove("IsAssignableToRole") | Out-Null
             }
+
             if ($false -eq $currentParameters.ContainsKey("Id"))
             {
                 Update-MgGroup @currentParameters -GroupId $currentGroup.Id | Out-Null
@@ -442,12 +489,12 @@ function Set-TargetResource
         try
         {
             Write-Verbose -Message "Creating Group with Values: $(Convert-M365DscHashtableToString -Hashtable $currentParameters)"
-            $group = New-MgGroup @currentParameters
+            $currentGroup = New-MgGroup @currentParameters
 
-            Write-Verbose -Message "Created Group $($group.id)"
+            Write-Verbose -Message "Created Group $($currentGroup.id)"
             if ($assignedLicensesGUIDs.Length -gt 0)
             {
-                Set-MgGroupLicense -GroupId $group.Id -AddLicenses $licensesToAdd -RemoveLicenses @()
+                Set-MgGroupLicense -GroupId $currentGroup.Id -AddLicenses $licensesToAdd -RemoveLicenses @()
             }
         }
         catch
@@ -467,6 +514,79 @@ function Set-TargetResource
             New-M365DSCLogEntry -Error $_ -Message "Couldn't delete group $DisplayName" -Source $MyInvocation.MyCommand.ModuleName
         }
     }
+
+    if ($Ensure -ne 'Absent')
+    {
+        #Owners
+        $currentOwnersValue = @()
+        if ($currentParameters.Owners.Length -gt 0)
+        {
+            $currentOwnersValue = $backCurrentOwners
+        }
+        $desiredOwnersValue = @()
+        if ($Owners.Length -gt 0)
+        {
+            $desiredOwnersValue = $Owners
+        }
+        if ($backCurrentOwners -eq $null)
+        {
+            $backCurrentOwners = @()
+        }
+        $ownersDiff = Compare-Object -ReferenceObject $backCurrentOwners -DifferenceObject $desiredOwnersValue
+        foreach ($diff in $ownersDiff)
+        {
+            $user = Get-MgUser -UserId $diff.InputObject
+
+            if ($diff.SideIndicator -eq '=>')
+            {
+                Write-Verbose -Message "Adding new owner {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}"
+                $ownerObject = @{
+                    "@odata.id"= "https://graph.microsoft.com/v1.0/users/{$($user.Id)}"
+                }
+                New-MgGroupOwnerByRef -GroupId ($currentGroup.Id) -BodyParameter $ownerObject | Out-Null
+            }
+            elseif ($diff.SideIndicator -eq '<=')
+            {
+                Write-Verbose -Message "Removing new owner {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}"
+                Remove-MgGroupOwnerByRef -GroupId ($currentGroup.Id) -DirectoryObjectId ($user.Id) | Out-Null
+            }
+        }
+
+        #Members
+        $currentMembersValue = @()
+        if ($currentParameters.Members.Length -ne 0)
+        {
+            $currentMembersValue = $backCurrentMembers
+        }
+        $desiredMembersValue = @()
+        if ($Members.Length -ne 0)
+        {
+            $desiredMembersValue = $Members
+        }
+        if ($backCurrentMembers -eq $null)
+        {
+            $backCurrentMembers = @()
+        }
+        $membersDiff = Compare-Object -ReferenceObject $backCurrentMembers -DifferenceObject $desiredMembersValue
+        foreach ($diff in $membersDiff)
+        {
+            $user = Get-MgUser -UserId $diff.InputObject
+
+            if ($diff.SideIndicator -eq '=>')
+            {
+                Write-Verbose -Message "Adding new member {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}"
+                $memberObject = @{
+                    "@odata.id"= "https://graph.microsoft.com/v1.0/users/{$($user.Id)}"
+                }
+                New-MgGroupMemberByRef -GroupId ($currentGroup.Id) -BodyParameter $memberObject | Out-Null
+            }
+            elseif ($diff.SideIndicator -eq '<=')
+            {
+                Write-Verbose -Message "Removing new member {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}"
+                Remove-MgGroupMemberByRef -GroupId ($currentGroup.Id) -DirectoryObjectId ($user.Id) | Out-Null
+            }
+        }
+    }
 }
 
 function Test-TargetResource
@@ -487,6 +607,14 @@ function Test-TargetResource
         [System.String]
         $Id,
 
+        [Parameter()]
+        [System.String[]]
+        $Owners,
+
+        [Parameter()]
+        [System.String[]]
+        $Members,
+
         [Parameter()]
         [System.String]
         $Description,
@@ -625,6 +753,7 @@ function Test-TargetResource
     $ValuesToCheck = $PSBoundParameters
     $ValuesToCheck.Remove('Id') | Out-Null
     $ValuesToCheck.Remove('GroupTypes') | Out-Null
+    $ValuesToCheck.Remove('AssignedLicenses') | Out-Null
 
     $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
         -Source $($MyInvocation.MyCommand.Source) `
@@ -766,7 +895,6 @@ function Get-M365DSCAzureADGroupLicenses
         {
             if ($allServicePlans.Length -eq 0 -or -not $allServicePlans.ServicePlanName.Contains($servicePlan.ServicePlanName))
             {
-                Write-Verbose -Message "$($servicePlan.ServicePlanId) :: $($serviceplan.ServicePlanName)"
                 $allServicePlans += @{
                     ServicePlanId   = $serviceplan.ServicePlanId
                     ServicePlanName = $serviceplan.ServicePlanName

Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.schema.mof

@@ -12,6 +12,8 @@ class MSFT_AADGroup : OMI_BaseResource
     [Key, Description("Specifies a mail nickname for the group.")] String MailNickname;
     [Write, Description("Specifies a description for the group.")] String Description;
     [Write, Description("Specifies an ID for the group.")] String Id;
+    [Write, Description("User Service Principal values for the group's owners.")] String Owners[];
+    [Write, Description("User Service Principal values for the group's members.")] String Members[];
     [Write, Description("Specifies that the group is a dynamic group. To create a dynamic group, specify a value of DynamicMembership.")] String GroupTypes[];
     [Write, Description("Specifies the membership rule for a dynamic group.")] String MembershipRule;
     [Write, Description("Specifies the rule processing state. The acceptable values for this parameter are: On. Process the group rule or Paused. Stop processing the group rule."), ValueMap{"On","Paused"}, Values{"On","Paused"}] String MembershipRuleProcessingState;

Modules/Microsoft365DSC/Modules/M365DSCReverse.psm1

@@ -466,7 +466,7 @@ function Start-M365DSCConfigurationExtract
                 if ($GenerateInfo)
                 {
                     $exportString.Append("`r`n        # For information on how to use this resource, please refer to:`r`n") | Out-Null
-                    $exportString.Append("        # https://github.com/microsoft/Microsoft365DSC/wiki/$($resource.NAme.Split('.')[0] -replace 'MSFT_', '')`r`n") | Out-Null
+                    $exportString.Append("        # https://github.com/microsoft/Microsoft365DSC/wiki/$($resource.Name.Split('.')[0] -replace 'MSFT_', '')`r`n") | Out-Null
                 }
                 $exportString.Append((Export-TargetResource @parameters)) | Out-Null
                 $i++

Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1

@@ -65,7 +65,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                     GroupTypes                     = @("Unified")
                     Visibility                    = "Private"
                     Ensure                        = "Present"
-                    Credential            = $Credential;
+                    Credential                    = $Credential;
                 }
 
                 Mock -CommandName New-M365DSCConnection -MockWith {