PowerShell script to move the Azure Subscriptions from Tenant Root Group to Specified Management Group

The script which I have created is identifying the subscription with the quota ID, and it's moving all the subscriptions with the respective quota ID to the specified management group.


Connect-AzAccount
$targetManagementGroupId = "Target Management Group"
$subscriptions = Get-AzSubscription
foreach ($subscription in $subscriptions) {
    # Get detailed subscription information, including quota ID and current management group
    $subscriptionDetails = Get-AzSubscription -SubscriptionId $subscription.Id | Select-Object -ExpandProperty ExtendedProperties
    $quotaId = $subscriptionDetails.SubscriptionPolices | ConvertFrom-Json | Select-Object -ExpandProperty quotaId
    # Check if the subscription is MSDN and not already in the target management group
    if ($quotaId -eq "MSDN_2014-09-01" -and $subscription.ManagementGroupId -ne $targetManagementGroupId) {
        try {
            # Move the subscription to the target management group
            New-AzManagementGroupSubscription -GroupId $targetManagementGroupId -SubscriptionId $subscription.Id
            Write-Host "Subscription '$($subscription.Name)' has been moved to the management group '$targetManagementGroupId'."
        } catch {
            Write-Error "Error processing subscription '$($subscription.Name)': $($_.Exception.Message)"
        }
    } else {
        Write-Host "Subscription '$($subscription.Name)' is either not an MSDN subscription or is already in the target management group."
    }
}

I want the script to move only the subscriptions which are part of the Tenant Root Group and have the exact quota ID, and not move the subscriptions which are present in other management groups.

There are 2 best solutions below

0
Jayrokie On BEST ANSWER

I have figured it out. I have added tags to the subscription based on the quota ID, and then moved it to the target management group.

# Connect to Azure with System Assigned Managed Identity
Connect-AzAccount -Identity

# Specify the target management group where the subscription needs to be moved
$targetManagementGroup = "TargetMG"

# Define the tag to check
$tagToCheck = "MSDN_Migration"

# Specify the required quota ID
$requiredQuotaId = "MSDN_2014-09-01"

# Get all subscriptions
$subscriptions = Get-AzSubscription

foreach ($subscription in $subscriptions)
{

    # Get the quota ID for the current subscription

    $subscriptionDetails = Get-AzSubscription -SubscriptionId $subscription.Id | Select-Object -ExpandProperty ExtendedProperties

    $currentQuotaId = $subscriptionDetails.SubscriptionPolices | ConvertFrom-Json | Select-Object -ExpandProperty quotaId

    # Check if the subscription has the required quota ID
    if ($currentQuotaId -eq $requiredQuotaId)
    {
        # Get tags for the subscription (Get-AzTag returns them under Properties.TagsProperty)
        $subscriptionTags = (Get-AzTag -ResourceId "/subscriptions/$($subscription.Id)" -ErrorAction SilentlyContinue).Properties.TagsProperty

        # Check if the tag exists and matches the value

        if ($subscriptionTags -and $subscriptionTags.ContainsKey($tagToCheck) -and $subscriptionTags[$tagToCheck] -eq "Yes")
        {
            Write-Output "Skipping subscription '$($subscription.Name)' as it already has the tag '$tagToCheck' with the value 'Yes'."
        }
        else
        {
            # Add the tag to the subscription

            $newTag = @{ $tagToCheck = "Yes" }

            Update-AzTag -Tag $newTag -ResourceId "/subscriptions/$($subscription.Id)" -Operation Merge

            Write-Output "Added tag '$tagToCheck' to subscription '$($subscription.Name)'."

            # Move the subscription to the target management group if it's not already there
            $subscriptionInTargetMg = Get-AzManagementGroupSubscription -GroupName $targetManagementGroup -SubscriptionId $subscription.Id -ErrorAction SilentlyContinue

            if ($subscriptionInTargetMg)
            {
                Write-Output "Subscription '$($subscription.Name)' is already part of the target management group '$targetManagementGroup'."
            }
            else
            {
                New-AzManagementGroupSubscription -GroupName $targetManagementGroup -SubscriptionId $subscription.Id
                Write-Output "Moved subscription '$($subscription.Name)' to management group '$targetManagementGroup'."
            }
        }
    }
    else
    {
        Write-Output "Skipping subscription '$($subscription.Name)' as it does not have the required quota ID '$requiredQuotaId'."
    }
}
0
Jahnavi On

PowerShell script to move the Azure Subscriptions from Tenant Root Group to Specified Management Group:

Your code looks good except for one change. Add the below command to retrieve the root management group name and check it in the if loop along with the quotaId, as shown below.

$tenantrootgroup = (Get-AzManagementGroup -GroupName "/").Id #Alter the group name as per your requirements
# -eq: only subscriptions that sit in the tenant root group are moved
if ($quotaId -eq "xxxx" -and $subscription.ManagementGroupId -eq $tenantrootgroup) {
    try {
        New-AzManagementGroupSubscription -GroupId $targetManagementGroupId -SubscriptionId $subscription.Id
        Write-Host "Subscription '$($subscription.Name)' has been moved to the management group '$targetManagementGroupId'."
    } catch {
        Write-Error "Error processing subscription '$($subscription.Name)': $($_.Exception.Message)"
    }
}
#Same as your code
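
One way to apply the root-only filter the question asks for, as an added example that is not code from the question or either answer: it lists the direct children of the tenant root group and moves only those subscriptions that carry the required quota ID. The function name `Move-RootSubscriptionsByQuota` is hypothetical; it assumes the root group keeps its default name (the tenant ID) and that subscription children are reported with a `Type` ending in `/subscriptions`.

```powershell
# Added example, not from the original posts. Assumes the Az.Accounts and
# Az.Resources modules and an existing Connect-AzAccount session.
function Move-RootSubscriptionsByQuota {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $TargetManagementGroup,  # group name (ID), not display name
        [string] $RequiredQuotaId = 'MSDN_2014-09-01',
        # Assumption: the tenant root group still has its default name, the tenant ID.
        [string] $RootGroupName = (Get-AzContext).Tenant.Id
    )

    # -Expand returns only the DIRECT children of the root group, so subscriptions
    # already placed in any other management group never enter the candidate list.
    $root = Get-AzManagementGroup -GroupName $RootGroupName -Expand
    $rootSubIds = @($root.Children |
        Where-Object { $_.Type -like '*/subscriptions' } |
        ForEach-Object { $_.Name })

    foreach ($subId in $rootSubIds) {
        $sub = Get-AzSubscription -SubscriptionId $subId -ErrorAction SilentlyContinue
        if (-not $sub) {
            Write-Warning "Cannot read subscription $subId with the current identity; skipped."
            continue
        }
        # Same extended property (spelled this way) that the scripts on this page read.
        $quotaId = ($sub.ExtendedProperties.SubscriptionPolices | ConvertFrom-Json).quotaId
        if ($quotaId -ne $RequiredQuotaId) {
            Write-Verbose "Skipping '$($sub.Name)': quota ID is '$quotaId'."
            continue
        }
        # A move changes which role assignments and policies the subscription inherits,
        # so each one goes through ShouldProcess and can be previewed with -WhatIf.
        if ($PSCmdlet.ShouldProcess("$($sub.Name) ($subId)", "Move to management group '$TargetManagementGroup'")) {
            try {
                New-AzManagementGroupSubscription -GroupName $TargetManagementGroup -SubscriptionId $subId -ErrorAction Stop | Out-Null
                [pscustomobject]@{ SubscriptionId = $subId; Name = $sub.Name; MovedTo = $TargetManagementGroup }
            } catch {
                Write-Error "Failed to move '$($sub.Name)': $($_.Exception.Message)"
            }
        }
    }
}

# Preview the candidate list first; drop -WhatIf once it looks right.
Move-RootSubscriptionsByQuota -TargetManagementGroup 'TargetMG' -WhatIf
```

The function emits one object per moved subscription, which can be piped to `Export-Csv` to keep a record of what changed scope.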