Windows 10: Powershell command for enabling Group-Writeback state of an Azure AD Security Group

Discus and support Powershell command for enabling Group-Writeback state of an Azure AD Security Group in Windows 10 Software and Apps to solve the problem; I am trying to do a bulk operation to set Group Write-back state of Azure AD groups to "Security" but am not able to achieve this using powershell. Is... Discussion in 'Windows 10 Software and Apps' started by Sudaiv Shetty, Oct 11, 2023.

  1. SUDAIV SHETTY
    Sudaiv Shetty Win User

    Powershell command for enabling Group-Writeback state of an Azure AD Security Group


    I am trying to do a bulk operation to set Group Write-back state of Azure AD groups to "Security" but am not able to achieve this using powershell. Is there a possible way to automate this using powershell?

    :)
     
    Sudaiv Shetty, Oct 11, 2023
    #1
  2. PAUL C_1
    Paul C_1 Win User

    Foreign Security Principals - Azure AD Sync

    Hi,

    My AD Forest (AD_Forest_EUR) is part of an M365 Tenant alongside the separate AD Forest (AD_Forest_NA) of our parent company. A two-way transitive trust exists between AD_Forest_EUR and AD_Forest_NA and both forests sync up to Azure via a single Azure AD Connect instance located in AD_Forest_NA.

    Within the M365 tenant, Self Service Password Reset (SSPR) is selectively enabled for all members of a security group located in a sub-domain of AD_Forest_NA. We want SSPR to work for the users in AD_Forest_EUR so we nested a group from that forested into the security group which is located in the subdomain of AD_Forest_NA.

    For some reason, the nested group is not appearing as a member of the security group from the sub-domain of AD_Forest_NA when we look at it in Azure even though we can see that it is a member of that group in on-prem AD.

    Microsoft have come back to us and suggested that the 'Foreign Security Principles' (FSP) container in the sub-domain is not selected to sync up to Azure and asked us to add it to sync. My question is, is this advisable? The FSP container contains all foreign security principles from all other external domains as well as the Everyone group. Surely this is a security concern?

    Any advise on whether the FSP container should or shouldn't ever sync up to Azure as well as why a nested security group from an external forest would not appear in a synchronised group in Azure would be greatly appreciated.

    Thanks

    Paul
     
    Paul C_1, Oct 11, 2023
    #2
  3. EGRAY
    egray Win User
    Azure AD user's group membership

    I'm trying to figure out if a user who logs into Azure AD has the following group:

    NT AUTHORITY\Cloud Account Authentication

    I don't have Azure AD, so I can't check.

    So, could someone who has a Azure AD login on a Windows 10 client please run a "whoami /groups" and tell me if that group appears in the list?
     
    egray, Oct 11, 2023
    #3
  4. MOHAMMED ABUZUAITER
    Mohammed Abuzuaiter Win User

    Powershell command for enabling Group-Writeback state of an Azure AD Security Group

    AD Security Groups

    I need to create a new Security Group in On-Prem AD

    This group will be included with domain users members, and i need to exclude (domain admin group and service account group ) members.

    Can you help me on this ?
     
    Mohammed Abuzuaiter, Oct 11, 2023
    #4
Thema:

Powershell command for enabling Group-Writeback state of an Azure AD Security Group

Loading...

  1. Powershell command for enabling Group-Writeback state of an Azure AD Security Group - Similar Threads - Powershell command enabling

  2. Powershell command for enabling Group-Writeback state of an Azure AD Security Group

    in Windows 10 Gaming
    Powershell command for enabling Group-Writeback state of an Azure AD Security Group: I am trying to do a bulk operation to set Group Write-back state of Azure AD groups to "Security" but am not able to achieve this using powershell. Is there a possible way to automate this using powershell?...

  3. Powershell command for enabling Group-Writeback state of an Azure AD Security Group

    in Windows 10 Customization
    Powershell command for enabling Group-Writeback state of an Azure AD Security Group: I am trying to do a bulk operation to set Group Write-back state of Azure AD groups to "Security" but am not able to achieve this using powershell. Is there a possible way to automate this using powershell?...

  4. AD Security groups best practice

    in Windows 10 Software and Apps
    AD Security groups best practice: So I'm trying to do a bit of cleanup in our org. All folders have individuals in them. I want to switch to security groups. So HR for instance. 2 HR managers have full access. But one user has modify access. So I assume I would create 1 group for full access with the 2...

  5. AD Security groups best practice

    in AntiVirus, Firewalls and System Security
    AD Security groups best practice: So I'm trying to do a bit of cleanup in our org. All folders have individuals in them. I want to switch to security groups. So HR for instance. 2 HR managers have full access. But one user has modify access. So I assume I would create 1 group for full access with the 2...

  6. AD Security groups best practice

    in Windows 10 Gaming
    AD Security groups best practice: So I'm trying to do a bit of cleanup in our org. All folders have individuals in them. I want to switch to security groups. So HR for instance. 2 HR managers have full access. But one user has modify access. So I assume I would create 1 group for full access with the 2...

  7. AD Security Groups

    in Windows 10 Gaming
    AD Security Groups: I need to create a new Security Group in On-Prem ADThis group will be included with domain users members, and i need to exclude domain admin group and service account group members.Can you help me on this ?...

  8. AD Security Groups

    in Windows 10 Software and Apps
    AD Security Groups: I need to create a new Security Group in On-Prem ADThis group will be included with domain users members, and i need to exclude domain admin group and service account group members.Can you help me on this ?...

  9. Adding Azure AD group to local group fails

    in Windows 10 Customization
    Adding Azure AD group to local group fails: The command below fails with error "there is no such global user or group: AzureAd\*** Email address is removed for privacy ***"net localgroup administrators "AzureAD\*** Email address is removed for privacy ***" /AddI have tried using the SID, no AzureAD, and no domain and...

  10. need a script to add group or groups to AD workstations maybe powershell?

    in Windows 10 Customization
    need a script to add group or groups to AD workstations maybe powershell?: I need a script or batch job or powershell to add one or more ad groups to newly imaged or upgraded workstations. Anyone have it already written or can I do it to multiple workstations using my ad tools ?...