So, in this post I'll show you how to move a schedule task (or a repetitive task that has not yet been converted to a schedule task :P) to the cloud. This includes credential-management and Powershell-modules needed.
First thing first: I assume basic knowledge of Azure Automation and the steps included in my previous post: Getting Started with Azure Automation.
The Script we want to schedule
So for this post I decided to take the script (function) I made the other week for synchronizing an AD- or Azure Group with Teams (Synchronizing AD Security Group Membership with Teams - the Powershell way.
The full script can be found here: https://github.com/selevik/a.random.name/blob/master/Sync-ADGroupWithTeams/Sync-AADGroupMembersWithTeam.ps1
Using the Script in an Automation
First we need to create the Automation Account, or select the previously created one. In my case it's the one we created in my last post: randomAutomation.
Now for the credentials bit needed for the script we want to store them securely and accessible for our Automation Runbook. The easiest way to achieve this is to select the Automation Account - in my case randomAutomation - select Credentials under Shared Resources and press Add Credential:
Fill in your secret Admin or Team owner credentials and click Create:
Now, for our Script we need to get two Powershell modules, MSOnline and the new Teams Module. Under Shared Resources select Modules and click Add a module (note: you can also upload custom modules here):
Search for the module name and select it:
Note how we get to see all the available Cmdlets in the module - pretty neat! But now, click Import:
Repeat for last two steps for both MSOnline and Teams.
Now add the function to the script (ie: https://github.com/selevik/a.random.name/blob/master/Sync-ADGroupWithTeams/Sync-AADGroupMembersWithTeam.ps1) by selecting the Runbook and click Edit. Paste the full function.
Now we need to fix the function a bit so we actually get some output (it only has Write-Host in it and as we have learned before we should use Write-Output instead). Press Ctrl+f and press the arrow to the left in the window that showed up. Now we can replace all
Next step is to actually use the credentials we added. To the left under Assets we can right click the credentials and select Add to canvas:
This will show us how to use Credentials in our Script:
Get-AutomationPSCredential -Name 'AdminCred'. We will store this in a variable called
Now to actual call the function we need to... call it :) with this line (stolen from the first example in the help for the function):
Sync-AADGroupMembersWithTeam -TeamName 'A Random Name' -AADGroupName 'aRandomName'. All we need to do now is to add a:
-Cred $Cred to actually use our credentials. But there is one more problem... We do not want the TeamName and AADGroupName to be hardcoded... So lets fix that right away at the very top of the Runbook:
Now the runbook accepts (it's actually required):
$AADGroupName. Now scroll down under the function and fix the line to call the function to:
Sync-AADGroupMembersWithTeam -TeamName $TeamName -AADGroupName $AADGroupName -Cred $Cred
It should look something like this now, especially if you add a
Write-Output "All Done!" in the very end:
Let's take it for a test-run. CLick Test Pane and just accept to save the script. Fill in the details (parameters) and click Start:
All done! Or... For it to actually be an Automation we have to set up a way to start it. First we need to close the Test-Pane (and yes, select OK, discard changes - it's only for the Test pane). Now we need to Publish the Runbook. Then we can click Schedule on the start screen, where you arrive after Publishing and then set up a schedule for it to run:
(and don't forget to add parameters where the red exclamation mark is).
In the future
I'll explore different ways to start an automation and add some error handling by calling other runbooks and status mails in the future.
Until next time! Enjoy! ;)