Make New-PnPTeamsTeam work with Managed Identity

[damsleth]

Type

• Bug Fix
• New Feature
• Sample

Related Issues?

Fixes #2977, #1807

What is in this Pull Request ?

• Adds team owners and members after team creation, since calling the /teams/{group.Id}/members/add endpoint when there is no team fails with New-PnPTeamsTeam: Not Found (404): No Team found with Group id: {groupId}
• Inverts the boolean on L296 in TeamsUtility.cs, avoiding calls to the /me endpoint when an owner is already resolved. This is particularly useful when using a managed identity, since /me calls are only valid with a delegated auth flow.

[wobba]

Is the call to "v1.0/teams/{group.Id}/members/add even needed? As all owners/members of a group should be default become members of the team? Or do two calls, where you add them as team members after the groups is initially created with owners/members.

[KoenZomers]

Thanks @damsleth for your contribution! Appreciate it!

[khha]

@damsleth @KoenZomers @wobba is it now possible to Teamify a non-group-based team site from an Azure function by a managed identity?

[wobba]

@khha A site has to have an associated AAD group in order to be used in a Team. So you need to group'ify first still if you have a stand-alone site you want to use as a Team. So the description of this cmdlet stands as per https://pnp.github.io/powershell/cmdlets/New-PnPTeamsTeam.html

[hajjkh]

@wobba but in the documentation I see "If the Microsoft 365 Group does not exist yet, it will create it first and then add a Microsoft Teams team to the group.". It looks like they build it by design to Groupify automatically before Teamify. Thats exactly where I am looking for because I would like to Groupify and Teamify.

[KoenZomers]

@damsleth @KoenZomers @wobba is it now possible to Teamify a non-group-based team site from an Azure function by a managed identity?

My motto is always seeing is believing :) Just give it a try and see if it works. One thing I stumbled upon myself is that in 2.5.0 it seems that something with regards to Managed Identity is broken. Still need to dig into that. Give it a try with 2.4.0 to play on the safe side of things.

[wobba]

@hajjkh correct. The cmdlet does not take a SharePoint site as input, so the description is correct. Here is the technical ways you can get to a team.

1. Create Team from scratch. Creates a group behind the scenes first, then creates a team and associates it and create a SharePoint site and associate it
2. Create Team on a group. Creates a new Team and associate it with the AAD group
3. Create Team on a SharePoint site. You first need to create a group, and associate the site to the Group. Then create a team which is associated to the group as well.

This cmdlet cover scenario 1 and 2. Above, If someone wants to extend it to scenario 3, that is a possibility. Which is effectivly calling Add-PnPMicrosoft365GroupToSite first.

As we're using powershell, just run the two commands in sequence :)

[hajjkh]

@wobba I would like to Teamify existing SharePoint team sites. My script is working local under my account as SharePoint administrator. But from an Azure function under a managed identity not. I use this sequence:

1. Add-PnPMicrosoft365GroupToSite -Url $targetProjectSiteURL -Alias $m365GroupAlias -DisplayName $web.Title -KeepOldHomePage
2. Add-PnPTeamsTeam

I will try an older version of the pnp module. Let's hope it will work.

[wobba]

May be that PnPMicrosoft365GroupToSite don't work with app permissions. Haven't checked.

[hajjkh]

@wobba @KoenZomers still not working in pnp version 2.4.0