UPDATE Feb ’23 – David made me do it – well, he didn’t make me at all really, but I did it anyway 🙂. Check out this new post which uses AzAD and AzureAD cmdlets to get the groups and members email, UPN and ObjectID (catering for different member types and groups with no members):
Azure AD – export groups and members #2
UPDATE June ’22 – for on-premises AD check out Active Directory – export groups and members (with email addresses).
# export azure ad groups and members to csv (also output empty groups with 'No Members' value)
# assumes existing connection to Azure AD using Connect-AzureAD (or use a runbook)
$allgroups = Get-AzureADGroup -All $true | select ObjectId,DisplayName
$result = foreach ( $group in $allgroups ) {
$hash = @{GroupName=$group.DisplayName;Member=''}
$groupid = $group.ObjectId
if ( $members = Get-AzureADGroupMember -ObjectId $groupid ) {
foreach ( $member in $members ) {
$hash.Member = $member.DisplayName
New-Object psObject -Property $hash
}
}
else
{
$displayname = "No Members"
$hash.Member = $displayname
New-Object psObject -Property $hash
}
}
$result | Export-Csv -Path C:\temp\AzureADGroups.csv -NoTypeInformation
# EndPowerShell get azure ad group members export to csv
export azure ad group members to csv PowerShell
PowerShell export azure ad user group membership to csv
Hi, first of all thanks for this script, it is exactly what I was looking for. Secondly I am noticing that not all groups are being listed in the output. We’ve got 166 groups in our tenant and they are a mixture of Security and Microsoft 365 groups. I’m noticing that instances of both types are missing. Any help with this issue please?
Hi Brian! Did you try the newer script link below? That uses the new AZ cmdlets so it would be interesting to see if you get the same issue with that.
https://www.howdoiuseacomputer.com/index.php/2022/09/03/export-azure-ad-groups-and-members-to-csv/
Cheers, Simon
Hi Simon, thanks for your reply, but I still can’t get it to work. Excuse my lack of knowledge in Powershell, but I’m still getting to know my way around scripting.
When running the newer script, I am getting the below error for different resources. What resources are they referring to?
Az.MSGraph.internal\Get-AzADUser : Resource ‘d5591f41-94b1-4ff3-b596-f45812e28a93’ does not exist or one of its queried
reference-property objects are not present.
At C:\Program Files\WindowsPowerShell\Modules\Az.Resources\6.5.2\MSGraph.Autorest\custom\Get-AzADUser.ps1:205 char:9
+ Az.MSGraph.internal\Get-AzADUser @PSBoundParameters
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: ({ Id = d5591f41…= , Expand = }:f__AnonymousType4`4) [Get-AzADUser_Get], Exc
eption
+ FullyQualifiedErrorId : Request_ResourceNotFound,Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Cmdlets.GetAzADUser_G
et
I have already installed the module as explained in your article. Thanks for your help!
Hi Brian, I’ve done some testing and found that Get-AzureADGroup limits output unless the switch -All $true is added. This may explain the missing groups in your output. I’ve updated the page so try it again and see if you get the expected results. The new cmdlet Get-AzADGroup appears to get all groups by default… I’ll see if I can replicate the error you are getting. Cheers, Simon.
Hello again! I’ve updated the new script as well so you shouldn’t get those resource errors now Brian. I was only considering users, but of course there are other objects as well – devices, contacts and other groups can be members, so I’ve added the logic to cater for those.
Cheers! Simon
this is awesome! is there a way we can import these users and groups with the data through Powershell?
Sure you can! Check out the Tenant Mailbox Migration post for an option to create users – https://www.howdoiuseacomputer.com/index.php/2022/04/02/microsoft-365-cross-tenant-migration
Create groups and add members using:
$csvdata = import-csv c:\temp\file.csv
foreach ($line in $csvdata) {
$groupdisplayname = $line.GroupName
$groupnickname = $line.GroupName -replace ‘[^a-zA-Z0-9]’, ”
$userprincipalname = $line.UserPrincipalName
if (!( Get-AzADGroup $groupdisplayname )) {
New-AzADGroup -DisplayName $groupdisplayname -MailNickname $groupnickname -GroupType Security
}
Add-AzADGroupMember -TargetGroupDisplayName $groupdisplayname -MemberUserPrincipalName $userprincipalname
}
Cheers
How can I add the User ID and/ or Userprincipal into the loop?
help very much appreciated.
Hi David, check out my other post https://www.howdoiuseacomputer.com/index.php/2022/04/02/export-active-directory-groups-and-members-to-a-csv-file-with-email-addresses.
It is for legacy AD but you can modify it for Azure using the “azAD” commands. Install the Azure modules: install-module az -skippublishercheck -force -allowclobber -confirm:$false
Here is an example of getting groups then members with Name and UPN:
$allgroups = Get-AzADGroup
foreach ( $group in $allgroups ) {
$groupid = $group.id
$groupdisplayname = $group.DisplayName
$members = Get-AzADGroupMember -GroupObjectId $groupid
foreach ( $member in $members ) {
$memberid = $member.Id
$userinfo = Get-AzADUser -ObjectId $memberid
$username = $userinfo.DisplayName
$upn = $userinfo.UserPrincipalName
Write-Host “$groupdisplayname,$username,$upn”
}
}
Cheers, Simon