Since I rely heavily on standardization for my clients, I have created a new script that I would like to share with you here.
You can find the GitHub link at the end of this article.

Why does it make sense to create and manage licence groups in a standardized and automated way?

There are several reasons: One of them is that the landscape looks the same or similar when looking after several customers.

On the other hand, this is faster and the error rate when creating and assigning licences is practically eliminated.
The aim of this script is to create the most commonly used licence groups on-premise, then synchronize them in the direction of Azure Active Directory and automatically carry out the corresponding licence assignment.

It is important that the required licences are already available in the M365 tenant before this script is executed.
Here is the documentation on how this script works:

As already mentioned, the required licences must already be available in the tenant.

Furthermore, it must be ensured in advance that the OU where the licence groups are to be created is already preconfigured in the Azure AD connect.


Once these two points have been prepared, the script can begin.

After executing the script, it first checks whether the Active Directory module is already present. Since I recommend executing this script on a domain controller, there should be no problems here.
The next step is to set the only variable. This is the OU path where the licence groups are to be created. How to enter this variable is shown in yellow as an example in the prompt.
Now the licence groups are created on the on-premise Active Directory. As shown in the picture, it can happen that certain groups cannot be created. These are highlighted in colour.


The reasons why this is the case must be analysed accordingly. In this example, the reason is that these groups already exist.

After the creation of the groups is completed, a summary is shown of which of the groups have actually been created.
The next step is to try to run an Azure AD sync.


If this is successful, we get a message that looks like this screenshot.

If there is no Azure AD connect installed on the system where the script is executed, this message will be displayed.

This means that either a manual sync must be initiated or we must wait until the autosync has been performed before we can continue.

After the sync between on-premise and the Azure Active Directory has been successfully completed, we now have to log in to the Azure Active Directory via PowerShell.


This script checks whether the corresponding PowerShell module is installed, if this is not the case, the module is installed first before continuing.

Then we have to log in to the module with the appropriate credentials.
The same process as for the Azure Active Directory PowerShell module is also carried out for the second module. This is the Azure Licensing Module. If this is not available, it is installed first and then we can log in.
Now the script checks which licences are available in the tenant and links them to the corresponding licence group that was previously created and synced on-premise.
Afterwards, the script points out again that assignments have only been made for those groups that also have a corresponding licence.

It also refers to a corresponding Microsoft Technet article.


This article can be opened directly from the script. Select “Y” if you want to, or “N” if you do not want to.

If we continue with the selection “Y”, the corresponding Technet link from Microsoft is called up.
After that, the script is complete.
As a review, we see the created groups with the corresponding description in the on-premise Active Directory. Here we can now add our users to assign a corresponding licence.
Also on the Azure Active Directory page we see the corresponding synced groups.


I hope this script helps you to take another step towards automation.

However, I recommend that you run this script in a LAB the first time you use it. You have all rights to adapt and reproduce this script for your own use. However, you do not have the right to sell this script to third parties.


You can find the script here on my GitHub page.


Have fun with it…