Connect to AzureAD first via powershell.
Start the Powershell as admin first.
Before running the script you need to check if you can execute the scripts on Windows:
Get-ExecutionPolicy -List
If it's undefined allow the current user to execute the scripts:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
Move groupcreators.ps1 script to C:\WINDOWS\system32 and try running it. Replace $GroupName = “Group Creators”
with the name of the group that you created.
Example of successful output:
PS C:\WINDOWS\system32> .\GroupCreators.ps1 Account Environment TenantId TenantDomain AccountType ------- ----------- -------- ------------ ----------- user@example.org AzureCloud 5dxxxxx-xxx1-4xxa-xxxx-xxxxxxxxxc0 example.org User Id : xxxxxxxx-xxxxx-xxxxxx-xxxx-xxxxxxxxxx DisplayName : TemplateId : xxxxxxxx-xxxxx-xxxxxx-xxxx-xxxxxxxxxx Values : {class SettingValue { Name: EnableMIPLabels Value: False } , class SettingValue { Name: CustomBlockedWordsList Value: } , class SettingValue { Name: EnableMSStandardBlockedWords Value: False } , class SettingValue { Name: ClassificationDescriptions Value: } ...} Name : EnableMIPLabels Value : False Name : CustomBlockedWordsList Value : Name : EnableMSStandardBlockedWords Value : False Name : ClassificationDescriptions Value : Name : DefaultClassification Value : Name : PrefixSuffixNamingRequirement Value : Name : AllowGuestsToBeGroupOwner Value : False Name : AllowGuestsToAccessGroups Value : True Name : GuestUsageGuidelinesUrl Value : Name : GroupCreationAllowedGroupId Value : xxxxxxxx-xxxxx-xxxxxx-xxxx-xxxxxxxxxx Name : AllowToAddGuests Value : True Name : UsageGuidelinesUrl Value : Name : ClassificationList Value : Name : EnableGroupCreation Value : False
GroupCreationAllowedGroupId
indicates which group is now allowed to create groups.
EnableGroupCreation
now shows False.