jcallaghan/Create-AADGroupClassification.ps1

## Create-AADGroupClassification.ps1
<#

Azure Active Directory cmdlets for configuring group settings
Reference - https://docs.microsoft.com/en-gb/azure/active-directory/users-groups-roles/groups-settings-cmdlets

Note:
Update group classifications (lines 39 and 40)
Set GroupCreationAllowedGroupId to your group if change is required (lines 30 and 31)
#>

## Get and review tenant config
Connect-MsolService
Get-MsolCompanyInformation

# Requires AAD module (UAC install)
# Uninstall-Module AzureAD
# Install-Module AzureADPreview -AllowClobber

# Connect to AAD
Connect-AzureAD

## Get AAD setting templates
#Get-AzureADDirectorySettingTemplate

## Review current configuration
$existingADSettings = Get-AzureADDirectorySetting
$existingADSettings | ForEach Values

# Review the group applied to GroupCreationAllowedGroupId
# $groupID = "your group ID here" # to apply a new group and comment out the next line
$groupID = $existingADSettings.Values | where-object {$_.name -eq "GroupCreationAllowedGroupId"}
if($groupID -ne $null){
    write-host "GroupCreationAllowedGroupId = $($groupID.Value)"
    Get-AzureADGroup -ObjectId $groupID.Value
}

## Apply new classifications
$Template = Get-AzureADDirectorySettingTemplate -Id 62375ab9-6b52-47ed-826b-58e47e0e304b
$Setting = $template.CreateDirectorySetting()
$setting["ClassificationList"] = "Contoso Users Only,Contoso Users and External Guests"
$setting["ClassificationDescriptions"] ="Contoso Users Only:For internal usage only,Contoso Users and External Guests:External access permitted"
$setting["GroupCreationAllowedGroupId"] = $groupID.Value

# If no settings exist as per line 25 use this command
New-AzureADDirectorySetting -DirectorySetting $setting

# If settings exist as per line 25 use the command
Set-AzureADDirectorySetting -id $existingADSettings.Id -DirectorySetting $setting
	<#

	Azure Active Directory cmdlets for configuring group settings
	Reference - https://docs.microsoft.com/en-gb/azure/active-directory/users-groups-roles/groups-settings-cmdlets

	Note:
	Update group classifications (lines 39 and 40)
	Set GroupCreationAllowedGroupId to your group if change is required (lines 30 and 31)
	#>

	## Get and review tenant config
	Connect-MsolService
	Get-MsolCompanyInformation

	# Requires AAD module (UAC install)
	# Uninstall-Module AzureAD
	# Install-Module AzureADPreview -AllowClobber

	# Connect to AAD
	Connect-AzureAD

	## Get AAD setting templates
	#Get-AzureADDirectorySettingTemplate

	## Review current configuration
	$existingADSettings = Get-AzureADDirectorySetting
	$existingADSettings \| ForEach Values

	# Review the group applied to GroupCreationAllowedGroupId
	# $groupID = "your group ID here" # to apply a new group and comment out the next line
	$groupID = $existingADSettings.Values \| where-object {$_.name -eq "GroupCreationAllowedGroupId"}
	if($groupID -ne $null){
	write-host "GroupCreationAllowedGroupId = $($groupID.Value)"
	Get-AzureADGroup -ObjectId $groupID.Value
	}

	## Apply new classifications
	$Template = Get-AzureADDirectorySettingTemplate -Id 62375ab9-6b52-47ed-826b-58e47e0e304b
	$Setting = $template.CreateDirectorySetting()
	$setting["ClassificationList"] = "Contoso Users Only,Contoso Users and External Guests"
	$setting["ClassificationDescriptions"] ="Contoso Users Only:For internal usage only,Contoso Users and External Guests:External access permitted"
	$setting["GroupCreationAllowedGroupId"] = $groupID.Value

	# If no settings exist as per line 25 use this command
	New-AzureADDirectorySetting -DirectorySetting $setting

	# If settings exist as per line 25 use the command
	Set-AzureADDirectorySetting -id $existingADSettings.Id -DirectorySetting $setting