In this post, I want to show you how you can add a new Member to a Microsoft Teams Team with PowerShell using MS GRAPH API.
Some of the Use cases❗
✔️Make sure not everyone can add a new Team Member.
✔️Control your Members of a Team outside Teams.
✔️Many more…
API Reference and Permissions
We used the following Docs to get this Script up and running
- Get a user – Microsoft Graph v1.0 | Microsoft Docs
- List all teams in Microsoft Teams for an organization – Microsoft Graph | Microsoft Docs
- Add member to team – Microsoft Graph v1.0 | Microsoft Docs
and I configured the following Permissions
To learn more from Microsoft GRAPH API, see my Blog Series:
Part 1 – Authentication and Azure App – Use Microsoft Graph API with PowerShell – Part 1 » TechGuy
Part 2 – Oauth2.0 – Use Microsoft Graph API with PowerShell – Part 2 » TechGuy
Part 3 – First Powershell Script to get a Teams Lis and Walkthrough – Use Microsoft Graph API with PowerShell – Part 3 » TechGuy
Part 4 – this one – Use Microsoft Graph API with PowerShell – Part 4 » TechGuy
- User.Read.All
- User.ReadWrite.All
- TeamMember.ReadWrite.All
The Script
$clientID = "your ID"
$Clientsecret = "your Secret"
$tenantID = "Your Tenant"
$TeamName="Marketing"
$Member="michael@techguy.at"
#Connect to GRAPH API
$tokenBody = @{
Grant_Type = "client_credentials"
Scope = "https://graph.microsoft.com/.default"
Client_Id = $clientId
Client_Secret = $clientSecret
}
$tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantID/oauth2/v2.0/token" -Method POST -Body $tokenBody
$headers = @{
"Authorization" = "Bearer $($tokenResponse.access_token)"
"Content-type" = "application/json"
}
#Get Member ID
$URLMember = "https://graph.microsoft.com/v1.0/users/$Member"
$ResultMember = Invoke-RestMethod -Headers $headers -Uri $URLMember -Method Get
#Get Team ID
$URLTeam = "https://graph.microsoft.com/v1.0//groups?$filter=resourceProvisioningOptions/Any(x:x eq 'Team')"
$ResultTeam=(Invoke-RestMethod -Headers $headers -Uri $URLTeam -Method Get).value | Where-Object -Property displayName -Value $TeamName -eq
#Add User
$URL = "https://graph.microsoft.com/v1.0/groups/$($ResultTeam.id)/members/`$ref"
$body = [ordered]@{
"@odata.id" = "https://graph.microsoft.com/v1.0/users/$($ResultMember.id)"
}
$bodyJSON = $body | ConvertTo-Json
Invoke-RestMethod -Headers $headers -Uri $URL -Method POST -Body $bodyJSON
GitHub Repo
Here you can find the GitHub Repo with a lot of other examples: Seidlm/Microsoft-Teams (github.com) and Seidlm/Microsoft-Graph-API-Examples (github.com)
Delegate adding Team Members as Self Service with au2mator
With au2mator Self Service Portal, you can create a Service and delegate the task to add new Members to a Microsoft Teams Team.
Some of the Use cases❗
✔️Make sure not everyone can add new Team Members.
✔️Control your Members of a Team outside Teams.
✔️Many more…
More Details: www.au2mator.com
Michael Seidl aka Techguy
au2mate everything
Hi, I’m having a problem with using this line of code: $URL = “https://graph.microsoft.com/v1.0/groups/$($ResultTeam.id)/members/`$ref”
I can’t figure out where $ref on the end of the line is coming from…
Also in the line above is a strange thing ending on -eq
Is this normal?
Thanks
Hi, would recommend getting the Code from GitHub Repo, to prevent wrong Characters when you copy the Code from the Blog
the “$ref” is just the URL, this is not a PowerShell Variable
Sometimes it can happen that you do not need the ` before the $ Sign.
Leave it to Microsoft to take this…
$teamname = “IT Department”
$WORKEMAIL = “fflintstone@mydomain.com”
Add-TeamUser -GroupId ((Get-Team -displayname $teamname).GroupId) -User $WORKEMAIL
and turn it into above…
Not sure what you want to tell us here, this post is about native MS Graph, not the PowerShell Module
I’ve found that I can’t add users to all Teams with the above script. Some teams I can add users to, and some I can’t. Still scratching my head as to why.
I thought it was because I wasn’t a member. So I added myself. Still didn’t work.
I thought maybe because I wasn’t an owner. So I made myself an owner. Still didn’t work.
Below is the error I recieved…
Invoke-RestMethod : The remote server returned an error: (400) Bad Request.
At H:\IG Setup Files\Scripts\add-user-teams.ps1:45 char:1
+ Invoke-RestMethod -Headers $headers -Uri $URL -Method POST -Body $bod …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
Sorry Michael, just venting I guess. Microsoft took what was a one-liner to add a user to a Team and made it a 40 liner.
Just figured out why I can’t add users to all Teams. It turns out something in the script is keeping it from retrieving the complete list of Teams. With mine, it stops after Teams that start with F, Therefore with I try to add it to a Team called Resume, it fails. Now if I can only figure out how to get it to retrieve the complete list. Any ideas?
Hi, I understand. there are just 2 ways (or even more) to solve a Request, and I like to work with REST API, so that’s why I work with native GRAPH API, feel free to work with GRAPH PowerShell Module.
Nice article. Thanks for your effort. The ` before $ref fixed my problem with error 400 Bad request.