
Reprocess User License Assignments using Graph API and PowerShell

If you’ve followed along and are receptive to Microsoft best practices, you should be aware that group-based licensing in Azure AD is the go-to method for assigning licenses to your users in the cloud. I must say, group-based licensing is definitely much easier to manage, but it does have some drawbacks. I listed those in the article above, but today we’ll focus on how to reprocess user license assignments using Graph API and PowerShell should an issue arise with conflicting licenses.

Requirements

Since this will utilize Graph API to drive these requests, you’ll need the following rights on the Service Principal or account that’s making the modification.

  • User.ReadWrite.All and Directory.ReadWrite.All Permissions
  • Azure AD P1/P2 is needed for Group Based Licensing

 

If you want to get started on learning how to use Microsoft Graph API, be sure to check out How To Connect To Microsoft Graph API Using PowerShell.

This should get you up and running with zero previous working knowledge.

Reprocess Users at the Group Level

Before we get started, I should preface this by saying that I am well aware that there is a way to reprocess the licenses at the group level. However, if you work in a large organization with tens of thousands of users in a group, this may take more time than is needed.

Also, in the event that you only need to reprocess a handful of users instead of the masses that are in the group, reprocessing at the user level tends to make more sense.

[Figure: Reprocess License by Group. Reprocessing done at the group level.]

 

Reprocess User License Assignments using Graph API and PowerShell

Now that we know how to connect to Graph API and have opted to reprocess at the user level instead of the group level, let’s learn how to use PowerShell to programmatically reprocess licenses at the user level.

This can be done using the Microsoft.Graph PowerShell SDK module or by calling the REST API directly.

Use the Microsoft.Graph PowerShell SDK module

When using the Microsoft.Graph PowerShell SDK, you only need a single cmdlet.

Import-Module Microsoft.Graph.Users.Actions

Invoke-MgLicenseUser -UserId $userId

Use the REST API directly

If you want to call the REST API directly, you can simply do this.

Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/v1.0/users/$userid/reprocessLicenseAssignment" -Method POST -ContentType application/json -Body "$null"

 

Since I’m a PowerShell enthusiast and I love making scripts, I also wrote a wrapper before I knew the SDK command was available. So, in the spirit of sharing, I’ll post that code here.

Function Invoke-MsGraphReprocessLicenseAssignment {
<#
.SYNOPSIS
    Reprocess a user's license assignment using Graph API


.NOTES
    Name: Invoke-MsGraphReprocessLicenseAssignment
    Author: Paul Contreras
    Version: 1.0
    DateCreated: 2021-Jan-20


.EXAMPLE
    Invoke-MsGraphReprocessLicenseAssignment -UserId [email protected]

.LINK
    https://thesysadminchannel.com/reprocess-user-license-assignments-using-graph-api-and-powershell/

#>

    [CmdletBinding(
        SupportsShouldProcess,
        ConfirmImpact='Medium'
    )]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true
        )]
        [Alias('UserPrincipalName')]
        [string[]]  $UserId
    )

    BEGIN {}

    PROCESS {
        foreach ($User in $UserId) {
            try {
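                # Resolve the UPN or object ID to the user's object ID. Stop on a failed
                # lookup so the request below is never sent with an empty ID in the URI.
                $GraphUser = Get-MgUser -UserId $User -ErrorAction Stop | Select-Object -ExpandProperty Id

                # Target first, action second, so -WhatIf and -Confirm prompts read correctly.
                if ($PSCmdlet.ShouldProcess($User, 'Reprocess license assignments')) {
                    # POST with an empty body; the response is the user object as a hashtable.
                    $Reprocess = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/v1.0/users/$GraphUser/reprocessLicenseAssignment" -Method POST -ContentType application/json -Body "$null" -ErrorAction Stop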

                    [PSCustomObject]@{
                        Id                = $Reprocess['id']
                        DisplayName       = $Reprocess['displayName']
                        UserPrincipalName = $Reprocess['userPrincipalName']
                        JobTitle          = $Reprocess['jobTitle']
                    }
                }

            } catch {
                Write-Error $_.Exception.Message

            }
        }
    }

    END {}
}
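
To reprocess only the users who actually need it, as discussed in the group-level section above, the following added example (not part of the original article or the author's wrapper) asks Graph for the group members that have license errors and reprocesses just those users. The function name is hypothetical, and it assumes an existing Connect-MgGraph session whose scopes also allow reading the group's members in addition to the permissions listed under Requirements.

```powershell
#Requires -Modules Microsoft.Graph.Authentication

function Invoke-ReprocessGroupLicenseErrors {   # hypothetical name, not an SDK cmdlet
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'Medium')]
    param(
        # Object ID of the licensing group. Restricting it to a GUID keeps
        # arbitrary text out of the request URI built below.
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$')]
        [string] $GroupId
    )

    # Returns only members whose group-based license assignment is in an error state.
    $Uri = "https://graph.microsoft.com/v1.0/groups/$GroupId/membersWithLicenseErrors"

    while ($Uri) {
        $Page = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop

        foreach ($Member in $Page['value']) {
            $Upn = $Member['userPrincipalName']
            if (-not $PSCmdlet.ShouldProcess($Upn, 'Reprocess license assignments')) { continue }

            try {
                # Same call the article uses, issued per affected user.
                $null = Invoke-MgGraphRequest -Method POST -ContentType 'application/json' -Body '' `
                    -Uri "https://graph.microsoft.com/v1.0/users/$($Member['id'])/reprocessLicenseAssignment" `
                    -ErrorAction Stop
                $Status = 'Requested'
            } catch {
                # One failed user should not abort the rest of the batch.
                $Status = "Failed: $($_.Exception.Message)"
            }

            # One record per user so the run can be logged and reviewed afterwards.
            [PSCustomObject]@{
                UserPrincipalName = $Upn
                Id                = $Member['id']
                Status            = $Status
            }
        }

        # Follow server-side paging until Graph stops returning a next link.
        $Uri = $Page['@odata.nextLink']
    }
}
```

Running it with -WhatIf first lists the users that would be touched without changing anything, and piping the output to Export-Csv leaves a record of what was requested.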

Conclusion

Hopefully this article was able to clearly show you how to reprocess user license assignments using Graph API and PowerShell. It’s been a great help to be able to reprocess users on an individual level without having to shake the bucket for thousands of users when it’s not needed.


Paul Contreras

Hi, my name is Paul and I am a Sysadmin who enjoys working on various technologies from Microsoft, VMWare, Cisco and many others. Join me as I document my trials and tribulations of the daily grind of System Administration.
